Mandriva Linux Security Advisory 2013-248 - It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.
893f93a3e347b7defc96c9a0605787b8950a92d0dd891a476dd395f69124d735-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:248
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : xinetd
Date : October 10, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Updated xinetd package fixes security vulnerability:
It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This
flaw could cause the associated services to run as root. If there was
a flaw in such a service, a remote attacker could use it to execute
arbitrary code with the privileges of the root user (CVE-2013-4342).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
http://advisories.mageia.org/MGASA-2013-0302.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
7976fe68c2fbf71a2df62a39f2128fe2 mes5/i586/xinetd-2.3.14-9.2mdvmes5.2.i586.rpm
5cf2234e84b17e0a281523cab4a5c7d5 mes5/i586/xinetd-simple-services-2.3.14-9.2mdvmes5.2.i586.rpm
b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
56b91a23fb44b3464e1d7efa852211a1 mes5/x86_64/xinetd-2.3.14-9.2mdvmes5.2.x86_64.rpm
81cfdaeae19dc5c65572147fc054c092 mes5/x86_64/xinetd-simple-services-2.3.14-9.2mdvmes5.2.x86_64.rpm
b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
71c6525d8fd04f94fcf6bfc9fefd5ead mbs1/x86_64/xinetd-2.3.15-1.1.mbs1.x86_64.rpm
386144202dbe1cd6f4a3cab2cbce77c1 mbs1/x86_64/xinetd-simple-services-2.3.15-1.1.mbs1.x86_64.rpm
d36307cca323809a2af5903761acccd2 mbs1/SRPMS/xinetd-2.3.15-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSVom8mqjQ0CJFipgRAuiwAKC+inrDgN2oEvpG4qZQjL0W8g48gQCdGSjd
FcITRUBzVmGhwlzn3W1T9XQ=
=VyVe
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed