Alpine: multiple arpwatch packages: security update to 2.1-r3 (deprecated)

critical Tenable Self-Hosted Container Security Plugin ID 401287

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop
supplementary groups, which might allow attackers to gain root privileges by leveraging other
vulnerabilities in the daemon. (CVE-2012-2653)

See Also

https://git.alpinelinux.org/aports/commit/?id=9e53e215d8bbbec9dd0dafe2b59a2d6d96454fad

https://git.alpinelinux.org/aports/commit/?id=aa5ea892d95139b20314f82df9ad10eb95614864

Plugin Details

Severity: Critical

ID: 401287

Version: Revision 1.24

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-2653

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2012

Vulnerability Publication Date: 5/25/2012

Reference Information

CVE: CVE-2012-2653

BID: 54157