MDVSA-2012:155-1
- Package name
- xinetd
- Date
- 2012-10-02
- Advisory ID
- MDVSA-2012:155-1
- Affected versions
- 2011 i586 , 2011 x86_64
Problem description
A security issue was identified and fixed in xinetd:
builtins.c in Xinetd before 2.3.15 does not check the service type
when the tcpmux-server service is enabled, which exposes all enabled
services and allows remote attackers to bypass intended access
restrictions via a request to tcpmux port 1 (CVE-2012-0862).
The updated packages have been patched to correct this issue.
Updated packages
2011 i586
ae9737040630c36506de75263084f974 2011/i586/xinetd-2.3.14-13.1-mdv2011.0.i586.rpm 003bb43ec0db849ead63f244416e37f1 2011/i586/xinetd-simple-services-2.3.14-13.1-mdv2011.0.i586.rpm b5135fe1b3920a072cfef64fd75bb23e 2011/SRPMS/xinetd-2.3.14-13.1.src.rpm
2011 x86_64
e8989614f21fea3408d240db31545ba3 2011/x86_64/xinetd-2.3.14-13.1-mdv2011.0.x86_64.rpm cee089878f49c818ddc456797d79b335 2011/x86_64/xinetd-simple-services-2.3.14-13.1-mdv2011.0.x86_64.rpm b5135fe1b3920a072cfef64fd75bb23e 2011/SRPMS/xinetd-2.3.14-13.1.src.rpm