Lucene search

[email protected]CVE-2012-2653

HistoryJul 12, 2012 - 8:55 p.m.

CVE-2012-2653

2012-07-1220:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

127

cve

2012-2653

arpwatch

red hat

debian

fedora

root privileges

vulnerability

nvd

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.6%

JSON

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

CPENameOperatorVersion
lawrence_berkeley_national_laboratory:arpwatchlawrence berkeley national laboratory arpwatcheq2.1a15

CPE	Name	Operator	Version
lawrence_berkeley_national_laboratory:arpwatch	lawrence berkeley national laboratory arpwatch	eq	2.1a15

References

lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html

www.debian.org/security/2012/dsa-2481

www.mandriva.com/security/advisories?name=MDVSA-2012:113

www.openwall.com/lists/oss-security/2012/05/24/12

www.openwall.com/lists/oss-security/2012/05/24/13

www.openwall.com/lists/oss-security/2012/05/24/14

www.openwall.com/lists/oss-security/2012/05/25/5

security.gentoo.org/glsa/201607-16

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2012-2653

openvas12 securityvulns2 nessus9 fedora3 debian3 ubuntucve1 gentoo1 cbl_mariner1 debiancve1 prion1 ibm1