Executive Summary
Summary | |
---|---|
Title | arpwatch: Privilege escalation |
Informations | |||
---|---|---|---|
Name | GLSA-201607-16 | First vendor Publication | 2016-07-20 |
Vendor | Gentoo | Last vendor Modification | 2016-07-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis arpwatch is vulnerable to the escalation of privileges. Background Description Impact Workaround Resolution References Availability |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201607-16.xml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18519 | |||
Oval ID: | oval:org.mitre.oval:def:18519 | ||
Title: | DSA-2481-1 arpwatch - fails to drop supplementary groups | ||
Description: | Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2481-1 CVE-2012-2653 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | arpwatch |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-30 | Name : Fedora Update for arpwatch FEDORA-2012-8677 File : nvt/gb_fedora_2012_8677_arpwatch_fc17.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2481-1 (arpwatch) File : nvt/deb_2481_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2482-1 (libgdata) File : nvt/deb_2482_1.nasl |
2012-07-30 | Name : Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch) File : nvt/gb_mandriva_MDVSA_2012_113.nasl |
2012-06-22 | Name : Fedora Update for arpwatch FEDORA-2012-8675 File : nvt/gb_fedora_2012_8675_arpwatch_fc16.nasl |
2012-06-22 | Name : Fedora Update for arpwatch FEDORA-2012-8702 File : nvt/gb_fedora_2012_8702_arpwatch_fc15.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-07-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-16.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-439.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-030.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_arpwatch-120718.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2012-113.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2481.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8675.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8677.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8702.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-07-22 13:38:25 |
|
2016-07-22 13:36:16 |
|