PT-2012-1056 · Uc Berkeley+1 · Arpwatch+1

Kurt Seifried · Published 2012-07-12 · Updated 2016-11-28 · CVE-2012-2653

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

arpwatch version 2.1a15

Description

The issue concerns multiple vulnerabilities in the arpwatch package, which can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. Specifically, arpwatch does not properly drop supplementary groups, potentially allowing attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

Recommendations

For arpwatch version 2.1a15, consider restricting access to the daemon until a patch is available to prevent potential privilege escalation. As a temporary workaround, ensure that the daemon is run with the least privileges necessary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
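
The description turns on supplementary groups surviving a privilege drop. The C code below is an added example, not arpwatch's code and not part of the original advisory: it shows a drop that replaces the inherited group list before changing gid and uid, then verifies the result. The names `residual_groups` and `drop_privileges` and the sample gid values are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data: a group list inherited from root, and a clean one. */
static const gid_t SAMPLE_LEFTOVER[] = { 0, 4, 27 };
static const gid_t SAMPLE_CLEAN[] = { 65534 };

/* Count supplementary groups in list[] that differ from the intended primary
 * gid. Non-zero means inherited groups survived the drop. */
int residual_groups(const gid_t *list, int n, gid_t primary)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (list[i] != primary)
            extra++;
    return extra;
}

/* Drop from root to uid/gid (hypothetical service account values).
 * Order matters: supplementary groups first, then gid, then uid, because
 * after setuid() the process can no longer change its groups.
 * Returns 0 on success, -1 if any step or the verification fails. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t now[64];
    int n;

    if (setgroups(1, &gid) != 0) return -1;   /* replace the inherited list */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the resulting credentials instead of trusting return codes. */
    n = getgroups(64, now);
    if (n < 0 || residual_groups(now, n, gid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be regainable */
    return 0;
}

int main(void)
{
    printf("leftover: %d\n", residual_groups(SAMPLE_LEFTOVER, 3, 65534));
    printf("clean:    %d\n", residual_groups(SAMPLE_CLEAN, 1, 65534));
    return 0;
}
```

A daemon that fails this check should exit rather than continue with partially dropped credentials.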
Related identifiers

BDU:2015-03563
CVE-2012-2653
DSA-2481-1
SUSE-SU-2012_0987-1

Affected products

Suse
Arpwatch