CVE-2012-2653

Description

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

References

https://security.gentoo.org/glsa/201607-16

http://www.openwall.com/lists/oss-security/2012/05/25/5

http://www.openwall.com/lists/oss-security/2012/05/24/14

http://www.openwall.com/lists/oss-security/2012/05/24/13

http://www.openwall.com/lists/oss-security/2012/05/24/12

http://www.mandriva.com/security/advisories?name=MDVSA-2012:113

http://www.debian.org/security/2012/dsa-2481

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3