Vulnonym.com

CVE-2012-2653 - Cryptogamic Burrowing Frog

Description

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

Reference

http://www.openwall.com/lists/oss-security/2012/05/24/12
http://www.debian.org/security/2012/dsa-2481
http://www.openwall.com/lists/oss-security/2012/05/24/14
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html
http://www.openwall.com/lists/oss-security/2012/05/25/5
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html
http://www.openwall.com/lists/oss-security/2012/05/24/13
http://www.mandriva.com/security/advisories?name=MDVSA-2012:113
https://security.gentoo.org/glsa/201607-16