CVE-2012-2653 - Security Bypass vulnerability in Lawrence Berkeley National Laboratory Arpwatch 2.1A15
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE
Summary
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2012-113.NASL
- description: A vulnerability has been discovered and corrected in arpwatch : arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon (CVE-2012-2653). The updated packages have been patched to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61966
- published: 2012-09-06
- reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/61966
- title: Mandriva Linux Security Advisory : arpwatch (MDVSA-2012:113)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2012:113.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(61966);
  script_version("1.7");
  script_cvs_date("Date: 2019/08/02 13:32:54");

  script_cve_id("CVE-2012-2653");
  script_bugtraq_id(54157);
  script_xref(name:"MDVSA", value:"2012:113");

  script_name(english:"Mandriva Linux Security Advisory : arpwatch (MDVSA-2012:113)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandriva Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability has been discovered and corrected in arpwatch :

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly
others, does not properly drop supplementary groups, which might allow
attackers to gain root privileges by leveraging other vulnerabilities
in the daemon (CVE-2012-2653).

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected arpwatch package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:arpwatch");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Bail out unless local checks are enabled and a Mandriva rpm list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Flag the host if the installed arpwatch is older than the fixed package.
flag = 0;
if (rpm_check(release:"MDK2011", reference:"arpwatch-2.1a15-9.1-mdv2011.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201607-16.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201607-16 (arpwatch: Privilege escalation) Arpwatch does not properly drop supplementary groups. Impact : Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 92486
- published: 2016-07-21
- reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/92486
- title: GLSA-201607-16 : arpwatch: Privilege escalation
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201607-16.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(92486);
  script_version("$Revision: 2.1 $");
  script_cvs_date("$Date: 2016/07/21 13:58:10 $");

  script_cve_id("CVE-2012-2653");
  script_xref(name:"GLSA", value:"201607-16");

  script_name(english:"GLSA-201607-16 : arpwatch: Privilege escalation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201607-16
(arpwatch: Privilege escalation)

    Arpwatch does not properly drop supplementary groups.

Impact :

    Attackers, if able to exploit arpwatch, could escalate privileges
    outside of the running process.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201607-16"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All arpwatch users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --verbose --oneshot '>=net-analyzer/arpwatch-2.1.15-r8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:arpwatch");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Bail out unless local checks are enabled and a Gentoo package list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Flag the host if net-analyzer/arpwatch is older than 2.1.15-r8.
flag = 0;

if (qpkg_check(package:"net-analyzer/arpwatch", unaffected:make_list("ge 2.1.15-r8"), vulnerable:make_list("lt 2.1.15-r8"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arpwatch");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-8702.NASL
- description: with
- last seen: 2020-03-17
- modified: 2012-06-20
- plugin id: 59573
- published: 2012-06-20
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/59573
- title: Fedora 15 : arpwatch-2.1a15-16.fc15 (2012-8702)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_ARPWATCH-120718.NASL
- description: arpwatch was improperly dropping its privileges. This has been fixed.
- last seen: 2020-06-05
- modified: 2013-01-25
- plugin id: 64109
- published: 2013-01-25
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/64109
- title: SuSE 11.1 Security Update : arpwatch (SAT Patch Number 6570)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2013-030.NASL
- description: A vulnerability has been discovered and corrected in arpwatch : arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon (CVE-2012-2653). The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:017 identifier by mistake.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 66044
- published: 2013-04-20
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/66044
- title: Mandriva Linux Security Advisory : arpwatch (MDVSA-2013:030)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-8677.NASL
- description: with
- last seen: 2020-03-17
- modified: 2012-06-20
- plugin id: 59572
- published: 2012-06-20
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/59572
- title: Fedora 17 : arpwatch-2.1a15-20.fc17 (2012-8677)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2012-8675.NASL
- description: with
- last seen: 2020-03-17
- modified: 2012-06-20
- plugin id: 59571
- published: 2012-06-20
- reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/59571
- title: Fedora 16 : arpwatch-2.1a15-18.fc16 (2012-8675)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2481.NASL
- description: Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses.
- last seen: 2020-03-17
- modified: 2012-06-29
- plugin id: 59759
- published: 2012-06-29
- reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/59759
- title: Debian DSA-2481-1 : arpwatch - fails to drop supplementary groups

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2012-439.NASL
- description: Changes in arpwatch : - arpwatch-2.1a11-drop-privs.dif: call initgroups() with pw->pw_gid, not NULL, to not have groupid 0 initialized. (bnc#764521, CVE-2012-2653)
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 74689
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74689
- title: openSUSE Security Update : arpwatch (openSUSE-SU-2012:0915-1)
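
The fix named in the openSUSE changelog above (pass `pw->pw_gid` to `initgroups()`, not NULL), placed in a full privilege-drop sequence that verifies the result. This is an added example, not arpwatch's or any distribution's patch; `drop_privileges`, `gid_in_list` and the `nobody` account are names assumed here.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if gid is present in list[0..n), else 0. */
int gid_in_list(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Drop from root to the unprivileged account `user` (assumed name).
   Returns 0 on success, -1 on any failure; a daemon must exit on -1. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0 || pw->pw_gid == 0)
        return -1;

    /* Rebuild the supplementary group list around the account's own gid.
       Passing NULL (that is, 0) here is what left gid 0 in the list. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    /* Order matters: groups, then gid, then uid. After setuid() the
       process no longer has the privilege to change its groups. */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;

    /* Verify the drop instead of trusting it; every check fails closed. */
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0 || gid_in_list(groups, n, 0) || getegid() == 0)
        return -1;
    if (setuid(0) == 0)          /* root must not be recoverable */
        return -1;
    return 0;
}

int main(void)
{
    /* "nobody" is a placeholder account for this demonstration. */
    int rc = drop_privileges("nobody");
    printf("drop_privileges: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

Run as root, the program reports `ok` only when gid 0 is absent from both the effective gid and the supplementary list; run unprivileged it reports `failed`, because `initgroups()` requires root.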
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html
- http://www.debian.org/security/2012/dsa-2481
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:113
- http://www.openwall.com/lists/oss-security/2012/05/24/12
- http://www.openwall.com/lists/oss-security/2012/05/24/13
- http://www.openwall.com/lists/oss-security/2012/05/24/14
- http://www.openwall.com/lists/oss-security/2012/05/25/5
- https://security.gentoo.org/glsa/201607-16