Candidate: CVE-2012-2653
PublicDate: 2012-07-12 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2653
Description:
 arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others,
 does not properly drop supplementary groups, which might allow attackers to
 gain root privileges by leveraging other vulnerabilities in the daemon.
Ubuntu-Description:
Notes:
 tyhicks> Per Debian BTS, "Found in version arpwatch/2.1a15-1.1"
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674715
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_arpwatch:
upstream_arpwatch: released (2.1a15-1.2)
hardy_arpwatch: ignored (reached end-of-life)
lucid_arpwatch: released (2.1a15-1.1+squeeze1build0.10.04.1)
natty_arpwatch: released (2.1a15-1.1+squeeze1build0.11.04.1)
oneiric_arpwatch: released (2.1a15-1.1+squeeze1build0.11.10.1)
precise_arpwatch: released (2.1a15-1.1+squeeze1build0.12.04.1)
devel_arpwatch: not-affected (2.1a15-1.2)