ID: CENTOS_RHSA-2013-1302.NASL
Type: nessus
Reporter: Tenable
Modified: 2014-11-12T00:00:00
Description
An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.
When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862)
Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.
This update also fixes the following bugs:
* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)
* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)
All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1302 and
# CentOS Errata and Security Advisory 2013:1302 respectively.
#
include("compat.inc");

if (description)
{
  script_id(79148);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/11/12 17:31:56 $");

  script_cve_id("CVE-2012-0862");
  script_bugtraq_id(53720);
  script_xref(name:"RHSA", value:"2013:1302");

  script_name(english:"CentOS 5 : xinetd (CESA-2013:1302)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated xinetd package that fixes one security issue and two bugs
is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The xinetd package provides a secure replacement for inetd, the
Internet services daemon. xinetd provides access control for all
services based on the address of the remote host and/or on time of
access, and can prevent denial-of-access attacks.
When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS'
type, and the tcpmux-server service is enabled, those services are
accessible via port 1. It was found that enabling the tcpmux-server
service (it is disabled by default) allowed every xinetd service,
including those that are not configured with the 'TCPMUX' or
'TCPMUXPLUS' type, to be accessible via port 1. This could allow a
remote attacker to bypass intended firewall restrictions.
(CVE-2012-0862)
Red Hat would like to thank Thomas Swan of FedEx for reporting this
issue.
This update also fixes the following bugs :
* Prior to this update, a file descriptor array in the service.c
source file was not handled as expected. As a consequence, some of the
descriptors remained open when xinetd was under heavy load.
Additionally, the system log was filled with a large number of
messages that took up a lot of disk space over time. This update
modifies the xinetd code to handle the file descriptors correctly and
messages no longer fill the system log. (BZ#852274)
* Prior to this update, services were disabled permanently when their
CPS limit was reached. As a consequence, a failed bind operation could
occur when xinetd attempted to restart the service. This update adds
additional logic that attempts to restart the service. Now, the
service is only disabled if xinetd cannot restart the service after 30
attempts. (BZ#811000)
All users of xinetd are advised to upgrade to this updated package,
which contains backported patches to correct these issues."
  );
  # http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?90ff15b8"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xinetd package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xinetd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local (credentialed) checks must have run, the host must be
# CentOS, and the installed RPM list must have been collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Flag the host when the installed xinetd is older than the fixed build.
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"xinetd-2.3.14-19.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68740", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:37:41"}, {"id": "REDHAT-RHSA-2013-0499.NASL", "type": "nessus", "title": "RHEL 6 : xinetd (RHSA-2013:0499)", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. 
As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "published": "2013-02-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64751", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:44:09"}, {"id": "ORACLELINUX_ELSA-2013-1302.NASL", "type": "nessus", "title": "Oracle Linux 5 : xinetd (ELSA-2013-1302)", "description": "From Red Hat Security Advisory 2013:1302 :\n\nAn updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. 
xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. 
(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "published": "2013-10-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=70283", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:38:25"}, {"id": "MANDRIVA_MDVSA-2012-155.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : xinetd (MDVSA-2012:155-1)", "description": "A security issue was identified and fixed in xinetd :\n\nbuiltins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (CVE-2012-0862).\n\nThe updated packages have been patched to correct this issue.", "published": "2012-10-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62403", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:37:49"}, {"id": "CENTOS_RHSA-2013-0499.NASL", "type": "nessus", "title": "CentOS 6 : xinetd (CESA-2013:0499)", "description": "An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xinetd package provides a secure replacement for inetd, the Internet services daemon. 
xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.\n\nWhen xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load.\nAdditionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. 
(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "published": "2013-03-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65135", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:38:44"}, {"id": "FREEBSD_PKG_E11955CA187C11E2BE3600215AF774F0.NASL", "type": "nessus", "title": "FreeBSD : xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled (e11955ca-187c-11e2-be36-00215af774f0)", "description": "Thomas Swan reports :\n\nxinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port.", "published": "2012-10-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62612", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:44:46"}, {"id": "SL_20130221_XINETD_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : xinetd on SL6.x i386/x86_64", "description": "When xinetd services are configured with the 'TCPMUX' or 'TCPMUXPLUS' type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the 'TCPMUX' or 'TCPMUXPLUS' type, to be accessible via port 1. 
This could allow a remote attacker to bypass intended firewall restrictions.\n(CVE-2012-0862)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log.\n\n - Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts.", "published": "2013-03-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64961", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-29T13:36:50"}], "centos": [{"id": "CESA-2013:1302", "type": "centos", "title": "xinetd security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:1302\n\n\nThe xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. 
It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. 
Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html\n\n**Affected packages:**\nxinetd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1302.html", "published": "2013-10-07T13:02:36", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-October/000881.html", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-10-03T18:26:17"}, {"id": "CESA-2013:0499", "type": "centos", "title": "xinetd security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0499\n\n\nThe xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. 
Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019552.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/000744.html\n\n**Affected packages:**\nxinetd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0499.html", "published": "2013-02-27T19:40:03", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/000744.html", "cvelist": ["CVE-2012-0862"], "lastseen": "2018-03-09T11:46:17"}], "oraclelinux": [{"id": "ELSA-2013-0499", "type": "oraclelinux", "title": "xinetd security and bug fix update", "description": "[2:2.3.14-38]\n- CVE-2012-0862 xinetd: enables unintentional services over tcpmux port\n- Resolves: #883653\n[2:2.3.14-37]\n- Fix changelog entry\n- Related: #809271\n[2:2.3.14-36]\n- Fix: Service disabled due to bind failure\n- Resolves: #809271", "published": "2013-02-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0499.html", "cvelist": ["CVE-2012-0862"], "lastseen": "2016-09-04T11:16:08"}, 
{"id": "ELSA-2013-1302", "type": "oraclelinux", "title": "xinetd security and bug fix update", "description": "[2:2.3.14-19]\r\n- Correctly backport patches that fix the descriptor leakage\r\n- Related: #852274\r\n \n[-2:2.3.14-18]\r\n- Fix leaking file descriptors (#852274)\r\n- Fix: Service disabled due to bind failure (#811000)\r\n- CVE-2012-0862 xinetd: enables unintentional services over tcpmux port (#788795)", "published": "2013-10-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-1302.html", "cvelist": ["CVE-2012-0862"], "lastseen": "2016-09-04T11:15:58"}], "redhat": [{"id": "RHSA-2013:1302", "type": "redhat", "title": "(RHSA-2013:1302) Low: xinetd security and bug fix update", "description": "The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. 
This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#852274)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#811000)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n", "published": "2013-09-30T20:52:28", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1302", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-09-09T07:20:23"}, {"id": "RHSA-2013:0499", "type": "redhat", "title": "(RHSA-2013:0499) Low: xinetd security and bug fix update", "description": "The xinetd package provides a secure replacement for inetd, the Internet\nservices daemon. xinetd provides access control for all services based on\nthe address of the remote host and/or on time of access, and can prevent\ndenial-of-access attacks.\n\nWhen xinetd services are configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type,\nand the tcpmux-server service is enabled, those services are accessible via\nport 1. It was found that enabling the tcpmux-server service (it is\ndisabled by default) allowed every xinetd service, including those that are\nnot configured with the \"TCPMUX\" or \"TCPMUXPLUS\" type, to be accessible via\nport 1. This could allow a remote attacker to bypass intended firewall\nrestrictions. (CVE-2012-0862)\n\nRed Hat would like to thank Thomas Swan of FedEx for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, a file descriptor array in the service.c source\nfile was not handled as expected. 
As a consequence, some of the descriptors\nremained open when xinetd was under heavy load. Additionally, the system\nlog was filled with a large number of messages that took up a lot of disk\nspace over time. This update modifies the xinetd code to handle the file\ndescriptors correctly and messages no longer fill the system log.\n(BZ#790036)\n\n* Prior to this update, services were disabled permanently when their CPS\nlimit was reached. As a consequence, a failed bind operation could occur\nwhen xinetd attempted to restart the service. This update adds additional\nlogic that attempts to restart the service. Now, the service is only\ndisabled if xinetd cannot restart the service after 30 attempts.\n(BZ#809271)\n\nAll users of xinetd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n", "published": "2013-02-21T05:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0499", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-12-25T20:04:54"}], "freebsd": [{"id": "E11955CA-187C-11E2-BE36-00215AF774F0", "type": "freebsd", "title": "xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled", "description": "\nThomas Swan reports:\n\nxinetd allows for services to be configured with the TCPMUX\n\t or TCPMUXPLUS service types, which makes those services\n\t available on port 1, as per RFC 1078 [1], if the tcpmux-server\n\t service is enabled. When the tcpmux-server service is enabled,\n\t xinetd would expose _all_ enabled services via the tcpmux port,\n\t instead of just the configured service(s). 
This could allow\n\t a remote attacker to bypass firewall restrictions and access\n\t services via the tcpmux port.\n\n", "published": "2012-02-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/e11955ca-187c-11e2-be36-00215af774f0.html", "cvelist": ["CVE-2012-0862"], "lastseen": "2016-09-26T17:24:35"}], "seebug": [{"id": "SSV:60170", "type": "seebug", "title": "Xinetd < 2.3.15 security restriction bypass vulnerability", "description": "BUGTRAQ ID: 53720\r\nCVE ID: CVE-2012-0862\r\n\r\nXinetd is a secure replacement derived from BSD inetd, originally developed by panos@cs.colorado.edu.\r\n\r\nXinetd has a security restriction bypass vulnerability in its implementation: after tcpmux-server access is enabled, xinetd exposes all enabled services through the tcpmux port rather than the configured services, so an attacker can exploit this vulnerability to bypass the firewall's security restrictions and access services through the tcpmux port.\n0\nXinetd < 2.3.15\nVendor patch:\r\n\r\nXinetd\r\n------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.xinetd.org/", "published": "2012-05-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-60170", "cvelist": ["CVE-2012-0862"], "lastseen": "2017-11-19T17:51:26"}]}}