Thomas Swan reports:
xinetd allows for services to be configured with the TCPMUX
or TCPMUXPLUS service types, which makes those services
available on port 1, as per RFC 1078 [1], if the tcpmux-server
service is enabled. When the tcpmux-server service is enabled,
xinetd would expose all enabled services via the tcpmux port,
instead of just the configured service(s). This could allow
a remote attacker to bypass firewall restrictions and access
services via the tcpmux port.