ID CVE-2012-2653
Summary arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
References
Vulnerable Configurations
  • cpe:2.3:a:lawrence_berkeley_national_laboratory:arpwatch:2.1a15:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 28-11-2016 - 19:08)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
debian DSA-2481
fedora
  • FEDORA-2012-8675
  • FEDORA-2012-8677
  • FEDORA-2012-8702
gentoo GLSA-201607-16
mandriva MDVSA-2012:113
mlist
  • [oss-security] 20120524 Re: CVE Request: powerdns does not clear supplementary groups
  • [oss-security] 20120525 Re: CVE Request: powerdns does not clear supplementary groups
Last major update 28-11-2016 - 19:08
Published 12-07-2012 - 20:55
Last modified 28-11-2016 - 19:08