Joined: 12 May 2004
|Posted: Mon Jul 27, 2020 11:26 pm Post subject: [ GLSA 202007-25 ] arpwatch
|Gentoo Linux Security Advisory
Title: arpwatch: Root privilege escalation (GLSA 202007-25)
A vulnerability was discovered in arpwatch which may allow local
attackers to gain root privileges.
The ethernet monitor program; for keeping track of ethernet/ip address
Vulnerable: < 2.1.15-r11
Unaffected: >= 2.1.15-r11
Architectures: All supported architectures
It was discovered that Gentoo’s arpwatch ebuild made excessive
permission operations on its data directories, possibly changing
ownership of unintended files. This only affects OpenRC systems, as the
flaw was exploitable via the init script.
A local attacker could escalate privileges.
There is no known workaround at this time.
All arpwatch users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose