Red Hat Security Advisory 2013-1302-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.
27581daef8415d493d1a3cd28c9fceefe72fcf600211fea0dc86214e4e7eb768
Mandriva Linux Security Advisory 2013-057 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been upgraded to the 2.3.15 version which is not vulnerable to this issue.
ab5c7cf9c0b995dcd94e53914502ae766fd71e8fc369da0358613eb4901045c7
Red Hat Security Advisory 2013-0499-02 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.
be4a4f35af787c54658b20d107cfe272957cfaa2dae54a130663d846f2c788ab
Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.
5333e966d5561d2f6d4f4fb9e29e14c3c973d25ae843e13ad80971d6adca9f61
Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.
863af03c72dbb69168b28f12a6929adb4f37f3a4d72987ae371a07dc35323ba5