- Description
- arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lawrence_berkeley_national_laboratory:arpwatch:2.1a15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D81A5B6F-2BB2-4836-9C25-C39B9872A00A"
}
],
"operator": "OR"
}
]
}
]