Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11096

HistoryJan 15, 2019 - 8:57 a.m.

Authorization Bypass

2019-01-1508:57:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

EPSS

0.005

Percentile

75.4%

xinetd is vulnerable to authorization bypass. The service type is not verified in builtins.c when the TCPMUX or TCPMUXPLUS type and tcpmux-server service are enabled. This exposes all enabled services and allows remote attackers to bypass access and firewall restrictions via a request to tcpmux port 1.

References

lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html

rhn.redhat.com/errata/RHSA-2013-1302.html

www.mandriva.com/security/advisories?name=MDVSA-2012:155

www.openwall.com/lists/oss-security/2012/05/09/5

www.openwall.com/lists/oss-security/2012/05/10/2

www.osvdb.org/81774

www.securityfocus.com/bid/53720

www.securitytracker.com/id?1027050

www.xinetd.org/#changes

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/attachment.cgi?id=583311

bugzilla.redhat.com/show_bug.cgi?id=790036

bugzilla.redhat.com/show_bug.cgi?id=790940

exchange.xforce.ibmcloud.com/vulnerabilities/75965

rhn.redhat.com/errata/RHSA-2013-0499.html

EPSS

0.005

Percentile

75.4%

Related for VERACODE:11096

securityvulns2 centos2 nessus16 openvas18 redhat2 fedora2 freebsd1 oraclelinux2 ubuntucve1 prion1 cvelist1 debiancve1 cve1 nvd1 seebug1