Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201607-16
HistoryJul 20, 2016 - 12:00 a.m.

arpwatch: Privilege escalation

2016-07-2000:00:00
Gentoo Foundation
security.gentoo.org
12

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.6%

JSON

Background

The ethernet monitor program; for keeping track of ethernet/ip address pairings.

Description

Arpwatch does not properly drop supplementary groups.

Impact

Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process.

Workaround

There is no known workaround at this time.

Resolution

All arpwatch users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --verbose --oneshot ">=net-analyzer/arpwatch-2.1.15-r8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/arpwatch< 2.1.15-r8UNKNOWN

Related

openvas 12
securityvulns 2
nessus 9
fedora 3
debian 3
ubuntucve 1
cbl_mariner 1
debiancve 1
prion 1
cve 1
ibm 1
openvas
openvas
Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch)
2012-07-30 00:00:00
Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch)
2012-07-30 00:00:00
Debian Security Advisory DSA 2482-1 (libgdata)
2012-08-10 00:00:00
securityvulns
securityvulns
arpwatch protection bypass
2012-06-17 00:00:00
[SECURITY] [DSA 2481-1] arpwatch security update
2012-06-17 00:00:00
nessus
nessus
GLSA-201607-16 : arpwatch: Privilege escalation
2016-07-21 00:00:00
Mandriva Linux Security Advisory : arpwatch (MDVSA-2013:030)
2013-04-20 00:00:00
Fedora 15 : arpwatch-2.1a15-16.fc15 (2012-8702)
2012-06-20 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: arpwatch-2.1a15-18.fc16
2012-06-20 00:35:29
[SECURITY] Fedora 15 Update: arpwatch-2.1a15-16.fc15
2012-06-20 00:34:25
[SECURITY] Fedora 17 Update: arpwatch-2.1a15-20.fc17
2012-06-20 00:31:35
debian
debian
[SECURITY] [DSA 2481-1] arpwatch security update
2012-06-02 12:50:29
[SECURITY] [DSA 2482-1] arpwatch security update
2012-06-02 12:52:49
[SECURITY] [DSA 2482-1] libgdata security update
2012-06-02 13:06:05
ubuntucve
ubuntucve
CVE-2012-2653
2012-07-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2012-2653 affecting package arpwatch 2.1a15-51
2024-05-05 09:06:37
debiancve
debiancve
CVE-2012-2653
2012-07-12 20:55:00
prion
prion
Design/Logic Flaw
2012-07-12 20:55:00
cve
cve
CVE-2012-2653
2012-07-12 20:55:00
ibm
ibm
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.
2021-12-15 07:41:22

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for GLSA-201607-16
openvas12securityvulns2nessus9fedora3debian3ubuntucve1cbl_mariner1debiancve1prion1cve1ibm1