Mandriva Linux Security Advisory 2012-155 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been patched to correct this issue.
5333e966d5561d2f6d4f4fb9e29e14c3c973d25ae843e13ad80971d6adca9f61