CVE-2012-2653

Published: 12/07/2012 Updated: 28/11/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow malicious users to gain root privileges by leveraging other vulnerabilities in the daemon.

lawrence berkeley national laboratory arpwatch 2.1a15

Vendor Advisories

Debian Bug report logs - #674715 CVE-2012-2653: initgroups() adds gid 0 to the group list. Package: arpwatch; Maintainer for arpwatch is Debian Security Tools <team+pkg-security@tracker.debian.org>; Source for arpwatch is src:arpwatch (PTS, buildd, popcon). Reported by: Yves-Alexis Perez <corsac@debian.org>. Date: Sat, ...
Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions), intended to make it drop root privileges, would fail to do so and instead add the root group to the list of groups the daemon uses. For the stable distribution (squeeze), this problem has been fixed in version 2.1a15-11+squeeze1. For the ...
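The advisories above describe a privilege-drop patch that left gid 0 in the daemon's supplementary group list. The root cause class is easy to reproduce and easy to check for: initgroups() and getgrouplist() always add the base gid you pass them to the resulting list, so passing 0 as the base keeps the root group attached even after setgid()/setuid(). The C program below is an added example, not arpwatch's or any distribution's code. It assumes Linux with glibc (getgrouplist() taking gid_t *); the function names list_contains_gid, group_list_ok, audit_live_process, drop_privileges and groups_for_user are invented for this illustration. It builds the group list both ways for an unprivileged account, reports whether gid 0 shows up, and, only when started as root, performs a drop in the correct order and audits the result.

```c
/* privdrop_check.c: show why passing gid 0 as the base group to
 * initgroups()/getgrouplist() leaves the root group attached, and how a
 * daemon should drop root and verify the drop.
 * Added example; assumes Linux/glibc. Not arpwatch's own code. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 1024

/* Return 1 if `gid` occurs anywhere in the list, else 0. */
int list_contains_gid(const gid_t *groups, int ngroups, gid_t gid)
{
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* A post-drop supplementary list is acceptable only if the unprivileged
 * user's primary gid is non-zero and present, and gid 0 is absent. */
int group_list_ok(const gid_t *groups, int ngroups, gid_t primary_gid)
{
    if (primary_gid == 0)
        return 0;
    if (list_contains_gid(groups, ngroups, 0))
        return 0;
    return list_contains_gid(groups, ngroups, primary_gid);
}

/* Audit the live process: bit 1 = root uid still held, bit 2 = root gid
 * still held, bit 4 = gid 0 in the supplementary list. 0 = fully dropped. */
int audit_live_process(void)
{
    int flags = 0;
    gid_t groups[MAX_GROUPS];
    if (getuid() == 0 || geteuid() == 0)
        flags |= 1;
    if (getgid() == 0 || getegid() == 0)
        flags |= 2;
    int n = getgroups(MAX_GROUPS, groups);
    if (n > 0 && list_contains_gid(groups, n, 0))
        flags |= 4;
    return flags;
}

/* Build the supplementary list getgrouplist() would produce for `user`
 * with the given base gid. Returns the count, or -1 on error/overflow. */
int groups_for_user(const char *user, gid_t base, gid_t *out, int max)
{
    int n = max;
    if (getgrouplist(user, base, out, &n) == -1)
        return -1;
    return n;
}

/* Drop root to `user` in the safe order: supplementary groups first, with
 * the user's OWN gid as base (never 0), then gid, then uid; then verify
 * that root cannot be regained and that no gid 0 remains. 0 = ok, -1 = fail. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0 || pw->pw_gid == 0)
        return -1;
    /* The bug described in the advisory amounts to passing 0 here. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    if (setuid(0) == 0)          /* must fail once we are unprivileged */
        return -1;
    return audit_live_process() == 0 ? 0 : -1;
}

int main(void)
{
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL)
        pw = getpwuid(getuid());   /* fall back to the invoking user */
    if (pw == NULL) {
        perror("getpw");
        return 1;
    }

    gid_t wrong[MAX_GROUPS], right[MAX_GROUPS];
    int nw = groups_for_user(pw->pw_name, 0, wrong, MAX_GROUPS);          /* buggy pattern */
    int nr = groups_for_user(pw->pw_name, pw->pw_gid, right, MAX_GROUPS); /* correct pattern */
    printf("%s with base gid 0: %d groups, root group present: %s\n", pw->pw_name, nw,
           nw > 0 && list_contains_gid(wrong, nw, 0) ? "yes" : "no");
    printf("%s with base gid %u: %d groups, root group present: %s\n", pw->pw_name,
           (unsigned)pw->pw_gid, nr, nr > 0 && list_contains_gid(right, nr, 0) ? "yes" : "no");

    if (geteuid() == 0) {
        int rc = drop_privileges(pw->pw_name);
        printf("drop_privileges(%s): %s (audit flags %d)\n", pw->pw_name,
               rc == 0 ? "ok" : "FAILED", audit_live_process());
    } else {
        printf("not root; live drop skipped (audit flags now %d)\n", audit_live_process());
    }
    return 0;
}
```

Run it as an ordinary user to see the two group lists side by side; run it as root (for example in a throwaway container) to exercise the actual drop. The audit step is the part worth copying into a real daemon: a privilege drop that is not followed by a getgroups()/setuid(0) check is exactly the kind of change that can silently fail, which is what the advisory describes.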