Medium: xinetd

🗓️ 16 Oct 2013 00:00:00Reported by AmazonType

Xinetd tcpmux-server service ignores user and group config, allowing services to run as root leading to arbitrary code execution (CVE-2013-4342

Reporter	Title	Published	Views	Family All 62
FreeBSD	xinetd -- ignores user and group directives for TCPMUX services	23 Aug 200500:00	–	freebsd
Tenable Nessus	Amazon Linux AMI : xinetd (ALAS-2013-232)	24 Oct 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : xinetd (CESA-2013:1409)	9 Oct 201300:00	–	nessus
Tenable Nessus	Fedora 20 : xinetd-2.3.15-8.fc20 (2013-18241)	13 Oct 201300:00	–	nessus
Tenable Nessus	Fedora 19 : xinetd-2.3.15-8.fc19 (2013-18243)	13 Oct 201300:00	–	nessus
Tenable Nessus	FreeBSD : xinetd -- ignores user and group directives for TCPMUX services (5c34664f-2c2b-11e3-87c2-00215af774f0)	4 Oct 201300:00	–	nessus
Tenable Nessus	GLSA-201611-06 : xinetd: Privilege escalation	15 Nov 201600:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : xinetd (MDVSA-2013:248)	11 Oct 201300:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: xinetd (CVE-2013-4342)	3 Jul 202400:00	–	nessus
Tenable Nessus	MiracleLinux 3 : xinetd-2.3.14-20.AXS3 (AXSA:2013-656:02)	16 Jan 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	i686	xinetd	2.3.14-39.9.amzn1	xinetd-2.3.14-39.9.amzn1.i686.rpm
Amazon Linux	1	x86_64	xinetd	2.3.14-39.9.amzn1	xinetd-2.3.14-39.9.amzn1.x86_64.rpm
Amazon Linux	1	i686	xinetd-debuginfo	2.3.14-39.9.amzn1	xinetd-debuginfo-2.3.14-39.9.amzn1.i686.rpm
Amazon Linux	1	x86_64	xinetd-debuginfo	2.3.14-39.9.amzn1	xinetd-debuginfo-2.3.14-39.9.amzn1.x86_64.rpm

Source	Link
rhn	www.rhn.redhat.com/errata/RHSA-2013-1409.html

16 Sep 2014 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.6

EPSS0.06391