Amazon: ALAS-2013-232

Medium: xinetd

2013-10-16 20:53:00
alas.aws.amazon.com

CVSS2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

    Attack Vector:          NETWORK
    Attack Complexity:      HIGH
    Authentication:         NONE
    Confidentiality Impact: COMPLETE
    Integrity Impact:       COMPLETE
    Availability Impact:    COMPLETE

EPSS: 0.01 (Percentile: 83.8%)

Issue Overview:

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
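
To see which services on a host relied on the ignored directives, the following added example (not part of the advisory or of xinetd) parses xinetd configuration text and lists services multiplexed through tcpmux-server that set a non-root user or group. It assumes the TCPMUX and TCPMUXPLUS values of the type attribute from xinetd.conf(5); the function name, the sample configuration and the reportd service are constructed for illustration.

```python
import re

# Constructed sample config (hypothetical services), not taken from a real host.
SAMPLE = """\
service tcpmux
{
    type = INTERNAL
    id   = tcpmux-server
    user = root
}
# hypothetical service multiplexed through tcpmux-server
service reportd
{
    type   = TCPMUXPLUS UNLISTED
    user   = nobody
    group  = nobody
    server = /usr/local/sbin/reportd
}
service time
{
    type = INTERNAL
    user = nobody
}
"""

COMMENT = re.compile(r"^[ \t]*#.*$", re.M)
BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[+-]?=[ \t]*(.*?)[ \t]*$", re.M)

def tcpmux_services_expecting_drop(conf_text):
    """Return [(service, user, group)] for TCPMUX-type services that
    configure a non-root user or group (assumed type values, see lead-in)."""
    hits = []
    for name, body in BLOCK.findall(COMMENT.sub("", conf_text)):
        attrs = {k.lower(): v for k, v in ATTR.findall(body)}
        types = set(attrs.get("type", "").upper().split())
        if not types & {"TCPMUX", "TCPMUXPLUS"}:
            continue  # not started through tcpmux-server
        user, group = attrs.get("user"), attrs.get("group")
        # On unpatched builds these directives were ignored, so the
        # service ran as root despite the configured identity.
        if any(v not in (None, "root", "0") for v in (user, group)):
            hits.append((name, user, group))
    return hits

if __name__ == "__main__":
    for svc in tcpmux_services_expecting_drop(SAMPLE):
        print("review: %s configured user=%s group=%s" % svc)
```

On a real host, pass the concatenated contents of the xinetd configuration files instead of SAMPLE; any service listed ran as root until the updated package was installed.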

Affected Packages:

xinetd

Issue Correction:
Run yum update xinetd to update your system.

New Packages:

i686:  
    xinetd-2.3.14-39.9.amzn1.i686  
    xinetd-debuginfo-2.3.14-39.9.amzn1.i686  
  
src:  
    xinetd-2.3.14-39.9.amzn1.src  
  
x86_64:  
    xinetd-debuginfo-2.3.14-39.9.amzn1.x86_64  
    xinetd-2.3.14-39.9.amzn1.x86_64  

Additional References

Red Hat: CVE-2013-4342

Mitre: CVE-2013-4342
