Paketname
xinetd
Datum
2012-10-02
Advisory ID
MDVSA-2012:155-1
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

A security issue was identified and fixed in xinetd:

builtins.c in Xinetd before 2.3.15 does not check the service type
when the tcpmux-server service is enabled, which exposes all enabled
services and allows remote attackers to bypass intended access
restrictions via a request to tcpmux port 1 (CVE-2012-0862).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2011 i586

 ae9737040630c36506de75263084f974  2011/i586/xinetd-2.3.14-13.1-mdv2011.0.i586.rpm
 003bb43ec0db849ead63f244416e37f1  2011/i586/xinetd-simple-services-2.3.14-13.1-mdv2011.0.i586.rpm 
 b5135fe1b3920a072cfef64fd75bb23e  2011/SRPMS/xinetd-2.3.14-13.1.src.rpm

2011 x86_64

 e8989614f21fea3408d240db31545ba3  2011/x86_64/xinetd-2.3.14-13.1-mdv2011.0.x86_64.rpm
 cee089878f49c818ddc456797d79b335  2011/x86_64/xinetd-simple-services-2.3.14-13.1-mdv2011.0.x86_64.rpm 
 b5135fe1b3920a072cfef64fd75bb23e  2011/SRPMS/xinetd-2.3.14-13.1.src.rpm

Referenzen