ALT-PU-2015-2176-1
Closed vulnerabilities
Published: 2012-06-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2012-0862
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Severity: MEDIUM (4.3)
References:
- FEDORA-2012-8061
- FEDORA-2012-8041
- RHSA-2013:1302
- MDVSA-2012:155
- [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- 81774
- 53720
- 1027050
- http://www.xinetd.org/#changes
- https://bugzilla.redhat.com/attachment.cgi?id=583311
- https://bugzilla.redhat.com/show_bug.cgi?id=790940
- xinetd-tcpmux-weak-security(75965)
- FEDORA-2012-8061
- xinetd-tcpmux-weak-security(75965)
- https://bugzilla.redhat.com/show_bug.cgi?id=790940
- https://bugzilla.redhat.com/attachment.cgi?id=583311
- http://www.xinetd.org/#changes
- 1027050
- 53720
- 81774
- [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- MDVSA-2012:155
- RHSA-2013:1302
- FEDORA-2012-8041