ALT-PU-2015-2176-1
Closed vulnerabilities
Published: 2012-06-05
Modified: 2017-08-29
Modified: 2017-08-29
CVE-2012-0862
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Severity: MEDIUM (4.3)
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=790940
- https://bugzilla.redhat.com/attachment.cgi?id=583311
- 53720
- [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- FEDORA-2012-8061
- 81774
- http://www.xinetd.org/#changes
- 1027050
- FEDORA-2012-8041
- [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
- MDVSA-2012:155
- RHSA-2013:1302
- xinetd-tcpmux-weak-security(75965)