Lucene search

K
nvd[email protected]NVD:CVE-2012-0862
HistoryJun 04, 2012 - 8:55 p.m.

CVE-2012-0862

2012-06-0420:55:02
CWE-20
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.005

Percentile

75.4%

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Affected configurations

NVD
Node
xinetdxinetdRange2.3.14
OR
xinetdxinetdMatch2.3.5
OR
xinetdxinetdMatch2.3.6
OR
xinetdxinetdMatch2.3.7
OR
xinetdxinetdMatch2.3.8
OR
xinetdxinetdMatch2.3.9
OR
xinetdxinetdMatch2.3.10
OR
xinetdxinetdMatch2.3.11
OR
xinetdxinetdMatch2.3.12
OR
xinetdxinetdMatch2.3.13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.005

Percentile

75.4%