arpwatch is vulnerable to privilege escalation.
Package | net-analyzer/arpwatch on all architectures |
---|---|
Affected versions | < 2.1.15-r8 |
Unaffected versions | >= 2.1.15-r8 |
arpwatch is an Ethernet monitor program that keeps track of Ethernet/IP address pairings.
Arpwatch does not properly drop supplementary groups.
Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process.
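The general pattern behind this class of flaw, as an added example (not arpwatch's code and not the Gentoo patch): a daemon started as root that calls only setgid() and setuid() keeps root's supplementary groups, so the drop has to call setgroups() first and then verify the result. The account name "nobody" and the function names are assumptions made for the illustration.

```c
/* Added example: privilege drop that also clears supplementary groups. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if every entry in groups[] equals target (no inherited groups left). */
int only_target_group(const gid_t *groups, int n, gid_t target)
{
    for (int i = 0; i < n; i++)
        if (groups[i] != target)
            return 0;
    return 1;
}

/* Drop from root to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t left[64];
    int n;

    /* Order matters: groups first, then gid, then uid. After setuid()
     * the process no longer has the privilege to change its groups. */
    if (setgroups(1, &gid) != 0) return -1;  /* the step the flawed pattern omits */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify rather than trust: root must be unrecoverable, groups must be clean. */
    if (uid != 0 && setuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    n = getgroups(64, left);
    if (n < 0 || !only_target_group(left, n, gid)) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwnam(argc > 1 ? argv[1] : "nobody"); /* assumed account */
    if (pw == NULL || drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

On a running system, the `Groups:` line of `/proc/<pid>/status` for the daemon shows whether any inherited groups remain.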
There is no known workaround at this time.
All arpwatch users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --verbose --oneshot ">=net-analyzer/arpwatch-2.1.15-r8"
Release date | July 20, 2016 |
Latest revision | July 20, 2016: 1 |
Severity | high |
Exploitable | local, remote |
Bugzilla entries