arpwatch: Root privilege escalation — GLSA 202007-25

A vulnerability was discovered in arpwatch which may allow local attackers to gain root privileges.

Affected packages

net-analyzer/arpwatch on all architectures
Affected versions < 2.1.15-r11
Unaffected versions >= 2.1.15-r11

Background

The ethernet monitor program, for keeping track of ethernet/ip address pairings.

Description

It was discovered that Gentoo’s arpwatch ebuild made excessive permission operations on its data directories, possibly changing ownership of unintended files. This only affects OpenRC systems, as the flaw was exploitable via the init script.
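Added illustration, not code from this advisory, from the Gentoo arpwatch ebuild or from its init script (the advisory does not reproduce the flawed script): a POSIX sh helper showing the defensive pattern an init script can use when it must set the owner of a service's data directory. It changes ownership of the one directory it is handed, never recursively, and refuses symbolic links or anything that is not a real directory, which is what keeps an ownership change from reaching unintended files. The function name and the directory names in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the Gentoo arpwatch init script): own a service's data
# directory without the "excessive permission operations" class of mistake.
# A recursive ownership change (chown -R) on a path an unprivileged user can
# influence may end up touching files the script never meant to touch. This
# helper only ever changes the single directory it was given and refuses
# anything that is not a plain, real directory. Names are assumptions.

# safe_own_dir DIR OWNER
# Returns 0 after setting OWNER on DIR itself (never on its contents).
# Returns 1 if DIR is a symbolic link, missing, not a directory, or if it
# directly contains symbolic links.
safe_own_dir() {
    dir=$1
    owner=$2

    # A symlink at the top level could redirect the chown somewhere else.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symbolic link" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a directory" >&2
        return 1
    fi
    # Symlinks inside the directory mean the tree is not fully under the
    # service's control; refuse rather than act on them in a later step.
    if [ -n "$(find "$dir" -mindepth 1 -maxdepth 1 -type l 2>/dev/null)" ]; then
        echo "refusing: $dir contains symbolic links" >&2
        return 1
    fi
    # Non-recursive: only the directory entry itself changes owner.
    chown "$owner" "$dir"
}
```

In an OpenRC start() function this would be called once for the data directory (for example `safe_own_dir /var/lib/arpwatch arpwatch`, an assumed path) before the daemon is launched; on a refusal the script should fail to start rather than fall back to a recursive change.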

Impact

A local attacker could escalate privileges.

Workaround

There is no known workaround at this time.

Resolution

All arpwatch users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/arpwatch-2.1.15-r11"

References

Release date
July 27, 2020

Latest revision
July 27, 2020: 1

Severity
high

Exploitable
local

Bugzilla entries