Joined: 12 May 2004
|Posted: Wed Jul 20, 2016 5:26 pm Post subject: [ GLSA 201607-16 ] arpwatch
|Gentoo Linux Security Advisory
Title: arpwatch: Privilege escalation (GLSA 201607-16)
Exploitable: local, remote
Date: July 20, 2016
arpwatch is vulnerable to the escalation of privileges.
The ethernet monitor program; for keeping track of ethernet/ip address
Vulnerable: < 2.1.15-r8
Unaffected: >= 2.1.15-r8
Architectures: All supported architectures
Arpwatch does not properly drop supplementary groups.
Attackers, if able to exploit arpwatch, could escalate privileges
outside of the running process.
There is no known workaround at this time.
All arpwatch users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --verbose --oneshot ">=net-analyzer/arpwatch-2.1.15-r8"