| Summary: | arpwatch new security issue CVE-2012-2653 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | balaton, ennael1, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/500144/ | ||
| Whiteboard: | MGA1TOO mga2-32-OK mga2-64-OK mga1-64-OK mga1-32-OK | ||
| Source RPM: | arpwatch-2.1a15-8.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-06-04 21:56:55 CEST
David Walser
2012-06-14 23:56:42 CEST
CC:
(none) =>
ennael1
David Walser
2012-06-14 23:56:59 CEST
Version:
1 =>
Cauldron I fixed this by updating the patch. Fixed in Cauldron, Mageia 2, and Mageia 1. Advisory: ======================== Updated arpwatch package fixes security vulnerability: Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses (CVE-2012-2653). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2653 http://www.debian.org/security/2012/dsa-2481 ======================== Updated packages in core/updates_testing: ======================== arpwatch-2.1a15-8.1.mga1 arpwatch-2.1a15-9.1.mga2 from SRPMS: arpwatch-2.1a15-8.1.mga1.src.rpm arpwatch-2.1a15-9.1.mga2.src.rpm Version:
Cauldron =>
2 Tested this on mga2-x86_64: Before update: $ grep ^[NUG] /proc/3220/status Name: arpwatch Uid: 492 492 492 492 Gid: 487 487 487 487 Groups: 0 After update from Testing: $ grep ^[NUG] /proc/3444/status Name: arpwatch Uid: 492 492 492 492 Gid: 487 487 487 487 Groups: 487 CC:
(none) =>
balaton Testing complete i586 Mageia 1 Thanks for testing Zoltan, adding the whiteboard keyword. Before ------ Altered /etc/sysconfig/arpwatch as I don't have and active eth0 Started arpwatch service # ps -e | grep arpwatch | grep -v grep 25670 ? 00:00:00 arpwatch # grep ^[NUG] /proc/25670/status Name: arpwatch Uid: 469 469 469 469 Gid: 412 412 412 412 Groups: 0 # grep arpwatch /etc/passwd arpwatch:x:469:412:system user for arpwatch:/var/lib/arpwatch:/bin/sh # grep root /etc/group root:x:0: Shows it is using group 0 which is root. After ----- # rpm -q arpwatch arpwatch-2.1a15-9.1.mga2 # service arpwatch restart Restarting arpwatch (via systemctl): [ OK ] # ps -e | grep arpwatch | grep -v grep 26452 ? 00:00:00 arpwatch # grep ^[NUG] /proc/26452/status Name: arpwatch Uid: 469 469 469 469 Gid: 412 412 412 412 Groups: 412 Shows it is now using arpwatch group. Hardware:
i586 =>
All testing was mageia 2 above not mageia 1 as stated Testing complete Mageia 1 64 tail /var/spool/mail/root shows new stations discovered, as it finds them. Whiteboard:
MGA1TOO mga2-32-OK mga2-64-OK =>
MGA1TOO mga2-32-OK mga2-64-OK mga1-64-OK Testing complete Mageia 1 32 Validating Updates for mga1 and mga2 See comment 1 for advisory and srpms Could sysadmin please push from core/updates_testing to core/updates Thanks! Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0129 Status:
NEW =>
RESOLVED |