{"id": "CENTOS_RHSA-2013-1302.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "published": "2014-11-12T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "reporter": "Tenable", "references": ["http://www.nessus.org/u?29e73c77"], "cvelist": ["CVE-2012-0862"], "type": "nessus", "lastseen": "2018-11-29T19:35:16", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 6, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d7608e7bac0ac936e10772ad31de21cadd983bae642c5d92a8129eec777751cd", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "2c30007d0fffdbc6e4475673a74383ce", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e3522d85b1232dfb9103a0c97dd4447", "key": "references"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "fb858671be55513c76bc235c3a3c5916", "key": "sourceData"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2018-11-11T12:57:39", "modified": "2018-11-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?29e73c77"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e73c77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-11-11T12:57:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "66e4ecae4cc28c287946fc6c7856ad77e1b682848b803b0d8911f17297a52f1d", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "2c30007d0fffdbc6e4475673a74383ce", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "fb858671be55513c76bc235c3a3c5916", "key": "sourceData"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "8311d6de2a0ea7c44768419206ad5856", "key": "references"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "modified"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2018-11-11T08:35:37", "modified": "2014-11-12T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?90ff15b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e73c77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 5, "lastseen": "2018-11-11T08:35:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 1, "enchantments": {}, "hash": "7b7d70a97d34110cfd1634e16fee97896b69a757d740e0d535d4adfa5df81e2d", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "e93e94680f41cd7ab2cbe42d0ea28633", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "8311d6de2a0ea7c44768419206ad5856", "key": "references"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "modified"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2016-09-26T17:25:31", "modified": "2014-11-12T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?90ff15b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/12 17:31:56 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90ff15b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "903b0db3d0ffdc67877db6c150a78887e41541e2295d87a003d08a826ec80720", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "2c30007d0fffdbc6e4475673a74383ce", "key": "cpe"}, {"hash": "e93e94680f41cd7ab2cbe42d0ea28633", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "8311d6de2a0ea7c44768419206ad5856", "key": "references"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "modified"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2017-10-29T13:41:23", "modified": "2014-11-12T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?90ff15b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/12 17:31:56 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90ff15b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:41:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "1ad41340e0f908ffb027d86b0145b03174bd3f443e872794a4e14c7a8b34bde9", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "2c30007d0fffdbc6e4475673a74383ce", "key": "cpe"}, {"hash": "e93e94680f41cd7ab2cbe42d0ea28633", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "8311d6de2a0ea7c44768419206ad5856", "key": "references"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "modified"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2018-08-30T19:49:19", "modified": "2014-11-12T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?90ff15b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/12 17:31:56 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90ff15b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:49:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"], "cvelist": ["CVE-2012-0862"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "903b0db3d0ffdc67877db6c150a78887e41541e2295d87a003d08a826ec80720", "hashmap": [{"hash": "c8d032582cf54061009575519a5f2d98", "key": "href"}, {"hash": "2c30007d0fffdbc6e4475673a74383ce", "key": "cpe"}, {"hash": "e93e94680f41cd7ab2cbe42d0ea28633", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "8311d6de2a0ea7c44768419206ad5856", "key": "references"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "modified"}, {"hash": "d93ebb71c25908a7c76920c604ec886d", "key": "cvelist"}, {"hash": "78e88512baddbf8126ccc1653b3a4eb9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "7798028bbad8be2f32c407b97f10b530", "key": "published"}, {"hash": "8bb2950b46b8631fd1d96a3e74abbba6", "key": "title"}, {"hash": "c74cb9bc136e7e21499547c9a8df48e6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79148", "id": "CENTOS_RHSA-2013-1302.NASL", "lastseen": "2018-09-01T23:56:25", "modified": "2014-11-12T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79148", "published": "2014-11-12T00:00:00", "references": ["http://www.nessus.org/u?90ff15b8"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/11/12 17:31:56 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90ff15b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : xinetd (CESA-2013:1302)", "type": "nessus", "viewCount": 0}, "differentElements": ["sourceData"], "edition": 4, "lastseen": "2018-09-01T23:56:25"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2c30007d0fffdbc6e4475673a74383ce"}, {"key": "cvelist", "hash": "d93ebb71c25908a7c76920c604ec886d"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "78e88512baddbf8126ccc1653b3a4eb9"}, {"key": "href", "hash": "c8d032582cf54061009575519a5f2d98"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "c74cb9bc136e7e21499547c9a8df48e6"}, {"key": "published", "hash": "7798028bbad8be2f32c407b97f10b530"}, {"key": "references", "hash": "8e3522d85b1232dfb9103a0c97dd4447"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f7868204a2b3fec524fec04011888807"}, {"key": "title", "hash": "8bb2950b46b8631fd1d96a3e74abbba6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b970dd4a59253bae5f4cca33aa03f41b7c830d0c3c24a3b071cb1b13cd91fac2", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302 and \n# CentOS Errata and Security Advisory 2013:1302 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79148);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"CentOS 5 : xinetd (CESA-2013:1302)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e73c77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "79148", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:xinetd"]}

{"cve": [{"lastseen": "2017-08-29T12:17:32", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html", "https://bugzilla.redhat.com/show_bug.cgi?id=790940", "http://www.openwall.com/lists/oss-security/2012/05/09/5", "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:155", "http://rhn.redhat.com/errata/RHSA-2013-1302.html", "http://www.openwall.com/lists/oss-security/2012/05/10/2", "http://www.xinetd.org/#changes", "http://www.securitytracker.com/id?1027050", "https://exchange.xforce.ibmcloud.com/vulnerabilities/75965", "https://bugzilla.redhat.com/attachment.cgi?id=583311", "http://www.securityfocus.com/bid/53720"], "description": "builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.", "edition": 2, "reporter": "NVD", "published": "2012-06-04T16:55:02", "title": "CVE-2012-0862", "type": "cve", "enchantments": {"score": {"modified": "2017-08-29T12:17:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-0862"], "scanner": [], "modified": "2017-08-28T21:31:04", "cpe": ["cpe:/a:xinetd:xinetd:2.3.8", "cpe:/a:xinetd:xinetd:2.3.5", "cpe:/a:xinetd:xinetd:2.3.13", "cpe:/a:xinetd:xinetd:2.3.7", "cpe:/a:xinetd:xinetd:2.3.12", "cpe:/a:xinetd:xinetd:2.3.9", "cpe:/a:xinetd:xinetd:2.3.10", "cpe:/a:xinetd:xinetd:2.3.14", "cpe:/a:xinetd:xinetd:2.3.6", "cpe:/a:xinetd:xinetd:2.3.11"], "id": "CVE-2012-0862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0862", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:155\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : xinetd\r\n Date : September 28, 2012\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A security issue was identified and fixed in xinetd:\r\n \r\n builtins.c in Xinetd before 2.3.15 does not check the service type\r\n when the tcpmux-server service is enabled, which exposes all enabled\r\n services and allows remote attackers to bypass intended access\r\n restrictions via a request to tcpmux port 1 &#40;CVE-2012-0862&#41;.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n ee80cce6de9576a6203e885417b23f8e mes5/i586/xinetd-2.3.14-9.1mdvmes5.2.i586.rpm\r\n a36ab79e05ba302d2f3161c282d78176 mes5/i586/xinetd-simple-services-2.3.14-9.1mdvmes5.2.i586.rpm \r\n 58a1b7981a34d90cfe189073101f693e mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 6f1de1f720a323d3140064ff926afd9e mes5/x86_64/xinetd-2.3.14-9.1mdvmes5.2.x86_64.rpm\r\n 54a66d86468ec9ffe6db272fa5684f01 mes5/x86_64/xinetd-simple-services-2.3.14-9.1mdvmes5.2.x86_64.rpm \r\n 58a1b7981a34d90cfe189073101f693e mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFQZYRJmqjQ0CJFipgRAq50AKDqxyDefIb3S4vLFbBD1sLI92fL6ACg4bJs\r\n3BpHMREDN4brblls5KUW9GA=\r\n=9rHS\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-10-01T00:00:00", "title": "CVE-2012-0862", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:46", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-0862"], "modified": "2012-10-01T00:00:00", "id": "SECURITYVULNS:DOC:28589", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28589", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:48", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28589"], "description": "tcpmux invalid service type check", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-10-01T00:00:00", "title": "xinitd restrictions bypass", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:48", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "xinetd", "version": "2.3", "operator": "eq"}], "cvelist": ["CVE-2012-0862"], "modified": "2012-10-01T00:00:00", "id": "SECURITYVULNS:VULN:12600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12600", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-01-08T12:58:33", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html", "2012-8061"], "pluginID": "864267", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-01T00:00:00", "title": "Fedora Update for xinetd FEDORA-2012-8061", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-01-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864267", "id": "OPENVAS:864267", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xinetd FEDORA-2012-8061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xinetd on Fedora 16\";\ntag_insight = \"Xinetd is a secure replacement for inetd, the Internet services\n daemon. Xinetd provides access control for all services based on the\n address of the remote host and/or on time of access and can prevent\n denial-of-access attacks. Xinetd provides extensive logging, has no\n limit on the number of server arguments, and lets you bind specific\n services to specific IP addresses on your host machine. Each service\n has its own specific configuration file for Xinetd; the files are\n located in the /etc/xinetd.d directory.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html\");\n script_id(864267);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-01 09:50:17 +0530 (Fri, 01 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0862\");\n script_xref(name: \"FEDORA\", value: \"2012-8061\");\n script_name(\"Fedora Update for xinetd FEDORA-2012-8061\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~47.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:59:11", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html", "2012-8061"], "pluginID": "1361412562310864267", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-01T00:00:00", "title": "Fedora Update for xinetd FEDORA-2012-8061", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310864267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864267", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xinetd FEDORA-2012-8061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xinetd on Fedora 16\";\ntag_insight = \"Xinetd is a secure replacement for inetd, the Internet services\n daemon. Xinetd provides access control for all services based on the\n address of the remote host and/or on time of access and can prevent\n denial-of-access attacks. Xinetd provides extensive logging, has no\n limit on the number of server arguments, and lets you bind specific\n services to specific IP addresses on your host machine. Each service\n has its own specific configuration file for Xinetd; the files are\n located in the /etc/xinetd.d directory.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864267\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-01 09:50:17 +0530 (Fri, 01 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0862\");\n script_xref(name: \"FEDORA\", value: \"2012-8061\");\n script_name(\"Fedora Update for xinetd FEDORA-2012-8061\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~47.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-28T18:23:56", "references": ["http://linux.oracle.com/errata/ELSA-2013-0499.html"], "pluginID": "1361412562310123709", "description": "Oracle Linux Local Security Checks ELSA-2013-0499", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0499", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123709", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0499.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123709\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:31 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0499\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0499 - xinetd security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0499\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0499.html\");\n script_cve_id(\"CVE-2012-0862\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~38.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:52", "references": ["2013:0499", "http://lists.centos.org/pipermail/centos-announce/2013-March/019552.html"], "pluginID": "1361412562310881672", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-12T00:00:00", "title": "CentOS Update for xinetd CESA-2013:0499 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881672", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xinetd CESA-2013:0499 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xinetd package provides a secure replacement for inetd, the Internet\n services daemon. xinetd provides access control for all services based on\n the address of the remote host and/or on time of access, and can prevent\n denial-of-access attacks.\n\n When xinetd services are configured with the type,\n and the tcpmux-server service is enabled, those services are accessible via\n port 1. It was found that enabling the tcpmux-server service (it is\n disabled by default) allowed every xinetd service, including those that are\n not configured with the type, to be accessible via port 1. This could allow\n a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862)\n \n Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n \n This update also fixes the following bugs:\n \n * Prior to this update, a file descriptor array in the service.c source\n file was not handled as expected. As a consequence, some of the descriptors\n remained open when xinetd was under heavy load. Additionally, the system\n log was filled with a large number of messages that took up a lot of disk\n space over time. This update modifies the xinetd code to handle the file\n descriptors correctly and messages no longer fill the system log.\n (BZ#790036)\n \n * Prior to this update, services were disabled permanently when their CPS\n limit was reached. As a consequence, a failed bind operation could occur\n when xinetd attempted to restart the service. This update adds additional\n logic that attempts to restart the service. Now, the service is only\n disabled if xinetd cannot restart the service after 30 attempts.\n (BZ#809271)\n \n All users of xinetd are advised to upgrade to this updated package, which\n contains backported patches to correct these issues.\";\n\n\ntag_affected = \"xinetd on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019552.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881672\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:07 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-0862\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0499\");\n script_name(\"CentOS Update for xinetd CESA-2013:0499 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~38.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:18", "references": ["2012:155-1", "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:155-1"], "pluginID": "831736", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-10-03T00:00:00", "title": "Mandriva Update for xinetd MDVSA-2012:155-1 (xinetd)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-01-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831736", "id": "OPENVAS:831736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for xinetd MDVSA-2012:155-1 (xinetd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security issue was identified and fixed in xinetd:\n\n builtins.c in Xinetd before 2.3.15 does not check the service type\n when the tcpmux-server service is enabled, which exposes all enabled\n services and allows remote attackers to bypass intended access\n restrictions via a request to tcpmux port 1 (CVE-2012-0862).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"xinetd on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:155-1\");\n script_id(831736);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 09:25:23 +0530 (Wed, 03 Oct 2012)\");\n script_cve_id(\"CVE-2012-0862\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:155-1\");\n script_name(\"Mandriva Update for xinetd MDVSA-2012:155-1 (xinetd)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~13.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xinetd-simple-services\", rpm:\"xinetd-simple-services~2.3.14~13.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-19T15:09:15", "references": ["2013:1302-01", "https://www.redhat.com/archives/rhsa-announce/2013-September/msg00049.html"], "pluginID": "871043", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-10-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "RedHat Update for xinetd RHSA-2013:1302-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871043", "id": "OPENVAS:871043", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xinetd RHSA-2013:1302-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871043);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:17:04 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2012-0862\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for xinetd RHSA-2013:1302-01\");\n\n tag_insight = \"The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\";\n\n tag_affected = \"xinetd on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1302-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-September/msg00049.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~19.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xinetd-debuginfo\", rpm:\"xinetd-debuginfo~2.3.14~19.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:42", "references": [], "pluginID": "72502", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-10-22T00:00:00", "title": "FreeBSD Ports: xinetd", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2017-04-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=72502", "id": "OPENVAS:72502", "sourceData": "#\n#VID e11955ca-187c-11e2-be36-00215af774f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e11955ca-187c-11e2-be36-00215af774f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xinetd\n\nCVE-2012-0862\nbuiltins.c in Xinetd before 2.3.15 does not check the service type\nwhen the tcpmux-server service is enabled, which exposes all enabled\nservices and allows remote attackers to bypass intended access\nrestrictions via a request to tcpmux port 1.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=790940\nhttp://www.vuxml.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(72502);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0862\");\n script_version(\"$Revision: 5950 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-13 11:02:06 +0200 (Thu, 13 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-22 08:43:21 -0400 (Mon, 22 Oct 2012)\");\n script_name(\"FreeBSD Ports: xinetd\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"xinetd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.15\")<0) {\n txt += \"Package xinetd version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:59:40", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html", "2012-8041"], "pluginID": "1361412562310864264", "description": "Check for the Version of xinetd", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-01T00:00:00", "title": "Fedora Update for xinetd FEDORA-2012-8041", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310864264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864264", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xinetd FEDORA-2012-8041\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xinetd on Fedora 15\";\ntag_insight = \"Xinetd is a secure replacement for inetd, the Internet services\n daemon. Xinetd provides access control for all services based on the\n address of the remote host and/or on time of access and can prevent\n denial-of-access attacks. Xinetd provides extensive logging, has no\n limit on the number of server arguments, and lets you bind specific\n services to specific IP addresses on your host machine. Each service\n has its own specific configuration file for Xinetd; the files are\n located in the /etc/xinetd.d directory.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864264\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-01 09:50:12 +0530 (Fri, 01 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0862\");\n script_xref(name: \"FEDORA\", value: \"2012-8041\");\n script_name(\"Fedora Update for xinetd FEDORA-2012-8041\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~37.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-23T15:15:37", "references": ["2013:1302-01", "https://www.redhat.com/archives/rhsa-announce/2013-September/msg00049.html"], "pluginID": "1361412562310871043", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-10-03T00:00:00", "title": "RedHat Update for xinetd RHSA-2013:1302-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871043", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xinetd RHSA-2013:1302-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871043\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:17:04 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2012-0862\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for xinetd RHSA-2013:1302-01\");\n\n\n script_tag(name:\"affected\", value:\"xinetd on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n * Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n * Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1302-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-September/msg00049.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xinetd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xinetd\", rpm:\"xinetd~2.3.14~19.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xinetd-debuginfo\", rpm:\"xinetd-debuginfo~2.3.14~19.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-08T12:46:24", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=790940", "http://www.vuxml.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html"], "pluginID": "136141256231072502", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "edition": 5, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-10-22T00:00:00", "title": "FreeBSD Ports: xinetd", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231072502", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_xinetd.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID e11955ca-187c-11e2-be36-00215af774f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72502\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0862\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-22 08:43:21 -0400 (Mon, 22 Oct 2012)\");\n script_name(\"FreeBSD Ports: xinetd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: xinetd\n\nCVE-2012-0862\nbuiltins.c in Xinetd before 2.3.15 does not check the service type\nwhen the tcpmux-server service is enabled, which exposes all enabled\nservices and allows remote attackers to bypass intended access\nrestrictions via a request to tcpmux port 1.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790940\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"xinetd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.15\")<0) {\n txt += \"Package xinetd version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:45:39", "references": [], "pluginID": "62403", "description": "A security issue was identified and fixed in xinetd :\n\nbuiltins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (CVE-2012-0862).\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2012-10-03T00:00:00", "title": "Mandriva Linux Security Advisory : xinetd (MDVSA-2012:155-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:xinetd", "p-cpe:/a:mandriva:linux:xinetd-simple-services"], "id": "MANDRIVA_MDVSA-2012-155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62403", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:155. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62403);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"MDVSA\", value:\"2012:155-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xinetd (MDVSA-2012:155-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security issue was identified and fixed in xinetd :\n\nbuiltins.c in Xinetd before 2.3.15 does not check the service type\nwhen the tcpmux-server service is enabled, which exposes all enabled\nservices and allows remote attackers to bypass intended access\nrestrictions via a request to tcpmux port 1 (CVE-2012-0862).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd and / or xinetd-simple-services packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xinetd-simple-services\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"xinetd-2.3.14-13.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"xinetd-simple-services-2.3.14-13.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:45:08", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-February/003281.html"], "pluginID": "68740", "description": "From Red Hat Security Advisory 2013:0499 :\n\nAn updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 4, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : xinetd (ELSA-2013-0499)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2015-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xinetd"], "id": "ORACLELINUX_ELSA-2013-0499.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68740", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0499 and \n# Oracle Linux Security Advisory ELSA-2013-0499 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68740);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:16:03 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:0499\");\n\n script_name(english:\"Oracle Linux 6 : xinetd (ELSA-2013-0499)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0499 :\n\nAn updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003281.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xinetd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:59:54", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=790940", "http://www.nessus.org/u?e8ff2223"], "pluginID": "59298", "description": "Fix tcpmux security\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-05-30T00:00:00", "title": "Fedora 16 : xinetd-2.3.14-47.fc16 (2012-8061)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xinetd", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-8061.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8061.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59298);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:53:52 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_xref(name:\"FEDORA\", value:\"2012-8061\");\n\n script_name(english:\"Fedora 16 : xinetd-2.3.14-47.fc16 (2012-8061)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix tcpmux security\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790940\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8ff2223\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xinetd-2.3.14-47.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xinetd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:02", "references": ["http://www.nessus.org/u?4e4d6e96", "https://bugzilla.redhat.com/show_bug.cgi?id=790940"], "pluginID": "59297", "description": "Fix tcpmux security\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-05-30T00:00:00", "title": "Fedora 15 : xinetd-2.3.14-37.fc15 (2012-8041)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xinetd", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-8041.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8041.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59297);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:53:52 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_xref(name:\"FEDORA\", value:\"2012-8041\");\n\n script_name(english:\"Fedora 15 : xinetd-2.3.14-37.fc15 (2012-8041)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix tcpmux security\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790940\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e4d6e96\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xinetd-2.3.14-37.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xinetd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-13T16:48:48", "references": ["https://access.redhat.com/errata/RHSA-2013:1302", "https://access.redhat.com/security/cve/cve-2012-0862"], "pluginID": "70243", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 7, "reporter": "Tenable", "published": "2013-10-01T00:00:00", "title": "RHEL 5 : xinetd (RHSA-2013:1302)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xinetd-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xinetd"], "id": "REDHAT-RHSA-2013-1302.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70243", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1302. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70243);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:1302\");\n\n script_name(english:\"RHEL 5 : xinetd (RHSA-2013:1302)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0862\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd and / or xinetd-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xinetd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1302\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xinetd-debuginfo-2.3.14-19.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xinetd-debuginfo-2.3.14-19.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xinetd-debuginfo-2.3.14-19.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xinetd / xinetd-debuginfo\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-13T17:08:09", "references": ["https://access.redhat.com/errata/RHSA-2013:0499", "https://access.redhat.com/security/cve/cve-2012-0862"], "pluginID": "64751", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 7, "reporter": "Tenable", "published": "2013-02-21T00:00:00", "title": "RHEL 6 : xinetd (RHSA-2013:0499)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xinetd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xinetd", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0499.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0499. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64751);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:0499\");\n\n script_name(english:\"RHEL 6 : xinetd (RHSA-2013:0499)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0862\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd and / or xinetd-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xinetd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0499\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"xinetd-debuginfo-2.3.14-38.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"xinetd-debuginfo-2.3.14-38.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"xinetd-debuginfo-2.3.14-38.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xinetd / xinetd-debuginfo\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-13T17:09:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=790940", "http://www.nessus.org/u?51da11ad"], "pluginID": "62612", "description": "Thomas Swan reports :\n\nxinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port.", "edition": 5, "reporter": "Tenable", "published": "2012-10-18T00:00:00", "title": "FreeBSD : xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled (e11955ca-187c-11e2-be36-00215af774f0)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:xinetd"], "id": "FREEBSD_PKG_E11955CA187C11E2BE3600215AF774F0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62612);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2012-0862\");\n\n script_name(english:\"FreeBSD : xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled (e11955ca-187c-11e2-be36-00215af774f0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Thomas Swan reports :\n\nxinetd allows for services to be configured with the TCPMUX or\nTCPMUXPLUS service types, which makes those services available on port\n1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When\nthe tcpmux-server service is enabled, xinetd would expose _all_\nenabled services via the tcpmux port, instead of just the configured\nservice(s). This could allow a remote attacker to bypass firewall\nrestrictions and access services via the tcpmux port.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=790940\"\n );\n # https://vuxml.freebsd.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51da11ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xinetd<2.3.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-29T19:29:31", "references": ["http://www.nessus.org/u?86e1c451", "http://www.nessus.org/u?bf279e60"], "pluginID": "65135", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "edition": 7, "reporter": "Tenable", "published": "2013-03-10T00:00:00", "title": "CentOS 6 : xinetd (CESA-2013:0499)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xinetd"], "id": "CENTOS_RHSA-2013-0499.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0499 and \n# CentOS Errata and Security Advisory 2013:0499 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65135);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2012-0862\");\n script_bugtraq_id(53720);\n script_xref(name:\"RHSA\", value:\"2013:0499\");\n\n script_name(english:\"CentOS 6 : xinetd (CESA-2013:0499)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xinetd package that fixes one security issue and two bugs\nis now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the\nInternet services daemon. xinetd provides access control for all\nservices based on the address of the remote host and/or on time of\naccess, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c\nsource file was not handled as expected. As a consequence, some of the\ndescriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of\nmessages that took up a lot of disk space over time. This update\nmodifies the xinetd code to handle the file descriptors correctly and\nmessages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their\nCPS limit was reached. As a consequence, a failed bind operation could\noccur when xinetd attempted to restart the service. This update adds\nadditional logic that attempts to restart the service. Now, the\nservice is only disabled if xinetd cannot restart the service after 30\nattempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019552.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf279e60\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000744.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86e1c451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xinetd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:19", "references": ["http://www.nessus.org/u?7e72ce08"], "pluginID": "64961", "description": "When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log.\n\n - Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts.", "edition": 4, "reporter": "Tenable", "published": "2013-03-01T00:00:00", "title": "Scientific Linux Security Update : xinetd on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2013-03-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130221_XINETD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64961", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64961);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/03/01 11:58:42 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n\n script_name(english:\"Scientific Linux Security Update : xinetd on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, a file descriptor array in the\n service.c source file was not handled as expected. As a\n consequence, some of the descriptors remained open when\n xinetd was under heavy load. Additionally, the system\n log was filled with a large number of messages that took\n up a lot of disk space over time. This update modifies\n the xinetd code to handle the file descriptors correctly\n and messages no longer fill the system log.\n\n - Prior to this update, services were disabled permanently\n when their CPS limit was reached. As a consequence, a\n failed bind operation could occur when xinetd attempted\n to restart the service. This update adds additional\n logic that attempts to restart the service. Now, the\n service is only disabled if xinetd cannot restart the\n service after 30 attempts.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=4790\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e72ce08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd and / or xinetd-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"xinetd-2.3.14-38.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xinetd-debuginfo-2.3.14-38.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:48:23", "references": ["http://www.nessus.org/u?a39fe93f"], "pluginID": "70364", "description": "When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log.\n\n - Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts.", "edition": 4, "reporter": "Tenable", "published": "2013-10-10T00:00:00", "title": "Scientific Linux Security Update : xinetd on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0862"], "modified": "2013-10-10T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130930_XINETD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70364);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/10/10 11:32:46 $\");\n\n script_cve_id(\"CVE-2012-0862\");\n\n script_name(english:\"Scientific Linux Security Update : xinetd on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'\ntype, and the tcpmux-server service is enabled, those services are\naccessible via port 1. It was found that enabling the tcpmux-server\nservice (it is disabled by default) allowed every xinetd service,\nincluding those that are not configured with the 'TCPMUX' or\n'TCPMUXPLUS' type, to be accessible via port 1. This could allow a\nremote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, a file descriptor array in the\n service.c source file was not handled as expected. As a\n consequence, some of the descriptors remained open when\n xinetd was under heavy load. Additionally, the system\n log was filled with a large number of messages that took\n up a lot of disk space over time. This update modifies\n the xinetd code to handle the file descriptors correctly\n and messages no longer fill the system log.\n\n - Prior to this update, services were disabled permanently\n when their CPS limit was reached. As a consequence, a\n failed bind operation could occur when xinetd attempted\n to restart the service. This update adds additional\n logic that attempts to restart the service. Now, the\n service is only disabled if xinetd cannot restart the\n service after 30 attempts.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=439\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a39fe93f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xinetd and / or xinetd-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xinetd-2.3.14-19.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xinetd-debuginfo-2.3.14-19.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:17", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1302.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "packageFilename": "xinetd-2.3.14-19.el5.src.rpm", "packageName": "xinetd", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "packageFilename": "xinetd-2.3.14-19.el5.i386.rpm", "packageName": "xinetd", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "packageFilename": "xinetd-2.3.14-19.el5.x86_64.rpm", "packageName": "xinetd", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1302\n\n\nThe xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n\n**Affected packages:**\nxinetd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1302.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-10-07T13:02:36", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "xinetd security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "modified": "2013-10-07T13:02:36", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html", "id": "CESA-2013:1302", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-09T11:46:17", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0499.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "i686", "packageName": "xinetd", "packageFilename": "xinetd-2.3.14-38.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "i686", "packageName": "xinetd", "packageFilename": "xinetd-2.3.14-38.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "any", "packageName": "xinetd", "packageFilename": "xinetd-2.3.14-38.el6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "x86_64", "packageName": "xinetd", "packageFilename": "xinetd-2.3.14-38.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "x86_64", "packageName": "xinetd", "packageFilename": "xinetd-2.3.14-38.el6.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0499\n\n\nThe xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019552.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000744.html\n\n**Affected packages:**\nxinetd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0499.html", "edition": 3, "reporter": "CentOS Project", "published": "2013-02-27T19:40:03", "title": "xinetd security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "modified": "2013-03-09T00:43:38", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/000744.html", "id": "CESA-2013:0499", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "i686", "packageName": "xinetd-debuginfo", "packageFilename": "xinetd-debuginfo-2.3.14-38.el6.i686.rpm", "operator": "lt"}], "description": "The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2013-02-21T05:00:00", "type": "redhat", "title": "(RHSA-2013:0499) Low: xinetd security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:25", "id": "RHSA-2013:0499", "href": "https://access.redhat.com/errata/RHSA-2013:0499", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:41", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "i386", "packageName": "xinetd-debuginfo", "packageFilename": "xinetd-debuginfo-2.3.14-19.el5.i386.rpm", "operator": "lt"}], "description": "The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2013-09-30T20:52:28", "type": "redhat", "title": "(RHSA-2013:1302) Low: xinetd security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:13:53", "id": "RHSA-2013:1302", "href": "https://access.redhat.com/errata/RHSA-2013:1302", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:17", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "x86_64", "packageFilename": "xinetd-2.3.14-19.el5.x86_64.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "ia64", "packageFilename": "xinetd-2.3.14-19.el5.ia64.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "src", "packageFilename": "xinetd-2.3.14-19.el5.src.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "src", "packageFilename": "xinetd-2.3.14-19.el5.src.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "src", "packageFilename": "xinetd-2.3.14-19.el5.src.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.3.14-19.el5", "arch": "i386", "packageFilename": "xinetd-2.3.14-19.el5.i386.rpm", "packageName": "xinetd", "operator": "lt"}], "description": "[2:2.3.14-19]\r\n- Correctly backport patches that fix the descriptor leakage\r\n- Related: #852274\r\n \n[-2:2.3.14-18]\r\n- Fix leaking file descriptors (#852274)\r\n- Fix: Service disabled due to bind failure (#811000)\r\n- CVE-2012-0862 xinetd: enables unintentional services over tcpmux port (#788795)", "edition": 3, "reporter": "Oracle", "published": "2013-10-02T00:00:00", "title": "xinetd security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "modified": "2013-10-02T00:00:00", "id": "ELSA-2013-1302", "href": "http://linux.oracle.com/errata/ELSA-2013-1302.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:42:28", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "x86_64", "packageFilename": "xinetd-2.3.14-38.el6.x86_64.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "src", "packageFilename": "xinetd-2.3.14-38.el6.src.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "src", "packageFilename": "xinetd-2.3.14-38.el6.src.rpm", "packageName": "xinetd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.14-38.el6", "arch": "i686", "packageFilename": "xinetd-2.3.14-38.el6.i686.rpm", "packageName": "xinetd", "operator": "lt"}], "description": "[2:2.3.14-38]\n- CVE-2012-0862 xinetd: enables unintentional services over tcpmux port\n- Resolves: #883653\n[2:2.3.14-37]\n- Fix changelog entry\n- Related: #809271\n[2:2.3.14-36]\n- Fix: Service disabled due to bind failure\n- Resolves: #809271", "edition": 3, "reporter": "Oracle", "published": "2013-02-22T00:00:00", "title": "xinetd security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "modified": "2013-02-22T00:00:00", "id": "ELSA-2013-0499", "href": "http://linux.oracle.com/errata/ELSA-2013-0499.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:51:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 53720\r\nCVE ID: CVE-2012-0862\r\n\r\nXinetd\u662f\u4e00\u4e2a\u6765\u6e90\u4e8eBSD inetd\u7684\u5b89\u5168\u66ff\u4ee3\u4ea7\u54c1\uff0c\u6700\u521d\u662f\u7531panos@cs.colorado.edu\u5f00\u53d1\u7684\u3002\r\n\r\nXinetd\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5728\u542f\u7528\u4e86tcpmux-server\u8bbf\u95ee\u540e\uff0cxinetd\u6ca1\u6709\u914d\u7f6e\u670d\u52a1\uff0c\u800c\u662f\u5229\u7528tcpmux\u7aef\u53e3\u516c\u5f00\u4e86\u6240\u6709\u542f\u7528\u7684\u670d\u52a1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u9632\u706b\u5899\u7684\u5b89\u5168\u9650\u5236\uff0c\u901a\u8fc7tcpmux\u7aef\u53e3\u8bbf\u95ee\u670d\u52a1\u3002\n0\nXinetd &lt; 2.3.15\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nXinetd\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.xinetd.org/", "reporter": "Root", "published": "2012-05-30T00:00:00", "type": "seebug", "title": "Xinetd &lt; 2.3.15 \u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0862"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2012-05-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60170", "id": "SSV:60170", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "status": "details"}], "freebsd": [{"lastseen": "2018-08-31T01:15:02", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=790940"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.3.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xinetd", "operator": "lt"}], "description": "\nThomas Swan reports:\n\nxinetd allows for services to be configured with the TCPMUX\n\t or TCPMUXPLUS service types, which makes those services\n\t available on port 1, as per RFC 1078 [1], if the tcpmux-server\n\t service is enabled. When the tcpmux-server service is enabled,\n\t xinetd would expose _all_ enabled services via the tcpmux port,\n\t instead of just the configured service(s). This could allow\n\t a remote attacker to bypass firewall restrictions and access\n\t services via the tcpmux port.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2012-02-15T00:00:00", "title": "xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0862"], "modified": "2012-02-15T00:00:00", "id": "E11955CA-187C-11E2-BE36-00215AF774F0", "href": "https://vuxml.freebsd.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}