what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2012-0862

Status Candidate

Overview

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Related Files

Red Hat Security Advisory 2013-1302-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1302-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0862
SHA-256 | 27581daef8415d493d1a3cd28c9fceefe72fcf600211fea0dc86214e4e7eb768
Mandriva Linux Security Advisory 2013-057
Posted Apr 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-057 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been upgraded to the 2.3.15 version which is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-0862
SHA-256 | ab5c7cf9c0b995dcd94e53914502ae766fd71e8fc369da0358613eb4901045c7
Red Hat Security Advisory 2013-0499-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0499-02 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0862
SHA-256 | be4a4f35af787c54658b20d107cfe272957cfaa2dae54a130663d846f2c788ab
Mandriva Linux Security Advisory 2012-155-1
Posted Oct 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-0862
SHA-256 | 5333e966d5561d2f6d4f4fb9e29e14c3c973d25ae843e13ad80971d6adca9f61
Mandriva Linux Security Advisory 2012-155
Posted Sep 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-0862
SHA-256 | 863af03c72dbb69168b28f12a6929adb4f37f3a4d72987ae371a07dc35323ba5
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close