Input validation error in arpwatch - CVE-2012-2653
Published: July 12, 2012 / Updated: August 4, 2020
Vulnerability identifier: #VU33951
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2012-2653
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LBNL\'s Network Research Group
Affected software:
arpwatch
arpwatch
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
How to mitigate CVE-2012-2653
Install update from vendor's website.
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html
- http://www.debian.org/security/2012/dsa-2481
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:113
- http://www.openwall.com/lists/oss-security/2012/05/24/12
- http://www.openwall.com/lists/oss-security/2012/05/24/13
- http://www.openwall.com/lists/oss-security/2012/05/24/14
- http://www.openwall.com/lists/oss-security/2012/05/25/5
- https://security.gentoo.org/glsa/201607-16