3 matches found
xinetd does not enforce the user and group configuration directives for TCPMUX services which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
...
SUSE SLES10 / SLES11 Security Update : xinetd (SUSE-SU-2014:0871-1)
Xinetd receives a LTSS roll-up update to fix two security issues. - CVE-2012-0862: xinetd enabled all services when tcp multiplexing is used. - CVE-2013-4342: xinetd ignored user and group directives for tcpmux services, running services as root. While both issues are not so problematic on their...
xinetd: enables unintentional services over tcpmux port
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1...