CVE-2012-2653

N/A Unknown

Published: July 12, 2012 Modified: April 29, 2026

Description

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2481

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:113

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/24/12

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/24/13

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/24/14

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/25/5

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201607-16

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html