ID CVE-2012-2653
Summary arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
References
Vulnerable Configurations
  • cpe:2.3:a:lawrence_berkeley_national_laboratory:arpwatch:2.1a15
    cpe:2.3:a:lawrence_berkeley_national_laboratory:arpwatch:2.1a15
CVSS
Base: 10.0 (as of 13-07-2012 - 11:48)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-113.NASL
    description A vulnerability has been discovered and corrected in arpwatch : arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon (CVE-2012-2653). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61966
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61966
    title Mandriva Linux Security Advisory : arpwatch (MDVSA-2012:113)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8677.NASL
    description with '-u' fix supplementary group list (#825328) (CVE-2012-2653) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59572
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59572
    title Fedora 17 : arpwatch-2.1a15-20.fc17 (2012-8677)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8702.NASL
    description with '-u' fix supplementary group list (#825328) (CVE-2012-2653) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59573
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59573
    title Fedora 15 : arpwatch-2.1a15-16.fc15 (2012-8702)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ARPWATCH-120718.NASL
    description arpwatch was improperly dropping its privileges. This has been fixed.
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 64109
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64109
    title SuSE 11.1 Security Update : arpwatch (SAT Patch Number 6570)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-030.NASL
    description A vulnerability has been discovered and corrected in arpwatch : arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon (CVE-2012-2653). The updated packages have been patched to correct this issue. NOTE: This advisory was previousely given the MDVSA-2013:017 identifier by mistake.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66044
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66044
    title Mandriva Linux Security Advisory : arpwatch (MDVSA-2013:030)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2481.NASL
    description Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59759
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59759
    title Debian DSA-2481-1 : arpwatch - fails to drop supplementary groups
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201607-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201607-16 (arpwatch: Privilege escalation) Arpwatch does not properly drop supplementary groups. Impact : Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-07-21
    plugin id 92486
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92486
    title GLSA-201607-16 : arpwatch: Privilege escalation
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-439.NASL
    description Changes in arpwatch : - arpwatch-2.1a11-drop-privs.dif: call initgroups() with pw->pw_gid, not NULL, to not have groupid 0 initialized. (bnc#764521, CVE-2012-2653)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74689
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74689
    title openSUSE Security Update : arpwatch (openSUSE-SU-2012:0915-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8675.NASL
    description with '-u' fix supplementary group list (#825328) (CVE-2012-2653) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59571
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59571
    title Fedora 16 : arpwatch-2.1a15-18.fc16 (2012-8675)
refmap via4
debian DSA-2481
fedora
  • FEDORA-2012-8675
  • FEDORA-2012-8677
  • FEDORA-2012-8702
gentoo GLSA-201607-16
mandriva MDVSA-2012:113
mlist
  • [oss-security] 20120524 Re: CVE Request: powerdns does not clear supplementary groups
  • [oss-security] 20120525 Re: CVE Request: powerdns does not clear supplementary groups
Last major update 28-11-2016 - 14:08
Published 12-07-2012 - 16:55
Back to Top