GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Jul 27, 2020 11:26 pm Post subject: [ GLSA 202007-25 ] arpwatch |
 |
|
Gentoo Linux Security Advisory
Title: arpwatch: Root privilege escalation (GLSA 202007-25)
Severity: high
Exploitable: local
Date: 2020-07-27
Bug(s): #602552
ID: 202007-25
Synopsis
A vulnerability was discovered in arpwatch which may allow local
attackers to gain root privileges.
Background
The ethernet monitor program; for keeping track of ethernet/ip address
pairings.
Affected Packages
Package: net-analyzer/arpwatch
Vulnerable: < 2.1.15-r11
Unaffected: >= 2.1.15-r11
Architectures: All supported architectures
Description
It was discovered that Gentoo’s arpwatch ebuild made excessive
permission operations on its data directories, possibly changing
ownership of unintended files. This only affects OpenRC systems, as the
flaw was exploitable via the init script.
Impact
A local attacker could escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All arpwatch users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=net-analyzer/arpwatch-2.1.15-r11"
|
|
|
News & Announcements
