Vulnerability CVE-2012-2653


Published: 2012-07-12   Modified: 2012-07-17

Description:
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Lawrence berkeley national laboratory -> Arpwatch 

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html
http://www.debian.org/security/2012/dsa-2481
http://www.mandriva.com/security/advisories?name=MDVSA-2012:113
http://www.openwall.com/lists/oss-security/2012/05/24/12
http://www.openwall.com/lists/oss-security/2012/05/24/13
http://www.openwall.com/lists/oss-security/2012/05/24/14
http://www.openwall.com/lists/oss-security/2012/05/25/5
https://security.gentoo.org/glsa/201607-16

Copyright 2024, cxsecurity.com

 

Back to Top