CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
83.8%
Issue Overview:
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
Affected Packages:
xinetd
Issue Correction:
Run yum update xinetd to update your system.
New Packages:
i686:
xinetd-2.3.14-39.9.amzn1.i686
xinetd-debuginfo-2.3.14-39.9.amzn1.i686
src:
xinetd-2.3.14-39.9.amzn1.src
x86_64:
xinetd-debuginfo-2.3.14-39.9.amzn1.x86_64
xinetd-2.3.14-39.9.amzn1.x86_64
Red Hat: CVE-2013-4342
Mitre: CVE-2013-4342
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | xinetd | < 2.3.14-39.9.amzn1 | xinetd-2.3.14-39.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | xinetd-debuginfo | < 2.3.14-39.9.amzn1 | xinetd-debuginfo-2.3.14-39.9.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | xinetd-debuginfo | < 2.3.14-39.9.amzn1 | xinetd-debuginfo-2.3.14-39.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | xinetd | < 2.3.14-39.9.amzn1 | xinetd-2.3.14-39.9.amzn1.x86_64.rpm |