MDVSA-2012:155

Nom du paquet

xinetd

Date

2012-09-28

Advisory ID

MDVSA-2012:155

Affected versions

MES5 i586 , MES5 x86_64

Problem description

A security issue was identified and fixed in xinetd:

builtins.c in Xinetd before 2.3.15 does not check the service type
when the tcpmux-server service is enabled, which exposes all enabled
services and allows remote attackers to bypass intended access
restrictions via a request to tcpmux port 1 (CVE-2012-0862).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 ee80cce6de9576a6203e885417b23f8e  mes5/i586/xinetd-2.3.14-9.1mdvmes5.2.i586.rpm
 a36ab79e05ba302d2f3161c282d78176  mes5/i586/xinetd-simple-services-2.3.14-9.1mdvmes5.2.i586.rpm 
 58a1b7981a34d90cfe189073101f693e  mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm

MES5 x86_64

 6f1de1f720a323d3140064ff926afd9e  mes5/x86_64/xinetd-2.3.14-9.1mdvmes5.2.x86_64.rpm
 54a66d86468ec9ffe6db272fa5684f01  mes5/x86_64/xinetd-simple-services-2.3.14-9.1mdvmes5.2.x86_64.rpm 
 58a1b7981a34d90cfe189073101f693e  mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862