Executive Summary

Information
Name: MDVSA-2012:155-1
First vendor publication: 2012-10-02
Vendor: Mandriva
Last vendor modification: 2012-10-02
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact Sub Score NA Temporal Score NA
Exploitability Sub Score NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Exploit Score 8.6 Authentication None Required

Detail

A security issue was identified and fixed in xinetd:

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (CVE-2012-0862).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:155-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:20660
Title: RHSA-2013:1302: xinetd security and bug fix update (Low)
Description: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Family: unix
Class: patch
Reference(s): RHSA-2013:1302-01, CESA-2013:1302, CVE-2012-0862
Version: 4
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:20988
Title: RHSA-2013:0499: xinetd security and bug fix update (Low)
Description: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Family: unix
Class: patch
Reference(s): RHSA-2013:0499-02, CESA-2013:0499, CVE-2012-0862
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:23211
Title: ELSA-2013:1302: xinetd security and bug fix update (Low)
Description: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Family: unix
Class: patch
Reference(s): ELSA-2013:1302-01, CVE-2012-0862
Version: 6
Platform(s): Oracle Linux 5
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:23956
Title: ELSA-2013:0499: xinetd security and bug fix update (Low)
Description: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Family: unix
Class: patch
Reference(s): ELSA-2013:0499-02, CVE-2012-0862
Version: 6
Platform(s): Oracle Linux 6
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:25544
Title: SUSE-SU-2014:0466-1 -- Security update for xinetd
Description: The multiplexing system xinetd was updated to fix security issues and a bug.
Family: unix
Class: patch
Reference(s): SUSE-SU-2014:0466-1, CVE-2013-4342, CVE-2012-0862
Version: 3
Platform(s): SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:27202
Title: DEPRECATED: ELSA-2013-1302 -- xinetd security and bug fix update (low)
Description: [2:2.3.14-19] - Correctly backport patches that fix the descriptor leakage - Related: #852274 [-2:2.3.14-18] - Fix leaking file descriptors (#852274) - Fix: Service disabled due to bind failure (#811000) - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port (#788795)
Family: unix
Class: patch
Reference(s): ELSA-2013-1302, CVE-2012-0862
Version: 4
Platform(s): Oracle Linux 5
Product(s): xinetd
 
Oval ID: oval:org.mitre.oval:def:27639
Title: DEPRECATED: ELSA-2013-0499 -- xinetd security and bug fix update (low)
Description: [2:2.3.14-38] - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port - Resolves: #883653 [2:2.3.14-37] - Fix changelog entry - Related: #809271 [2:2.3.14-36] - Fix: Service disabled due to bind failure - Resolves: #809271
Family: unix
Class: patch
Reference(s): ELSA-2013-0499, CVE-2012-0862
Version: 4
Platform(s): Oracle Linux 6
Product(s): xinetd

CPE : Common Platform Enumeration

Type Description Count
Application 41

OpenVAS Exploits

Date Description
2012-10-22 Name : FreeBSD Ports: xinetd
File : nvt/freebsd_xinetd.nasl
2012-10-03 Name : Mandriva Update for xinetd MDVSA-2012:155-1 (xinetd)
File : nvt/gb_mandriva_MDVSA_2012_155_1.nasl
2012-06-01 Name : Fedora Update for xinetd FEDORA-2012-8041
File : nvt/gb_fedora_2012_8041_xinetd_fc15.nasl
2012-06-01 Name : Fedora Update for xinetd FEDORA-2012-8061
File : nvt/gb_fedora_2012_8061_xinetd_fc16.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0871-1.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1302.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-292.nasl - Type : ACT_GATHER_INFO
2014-04-01 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_xinetd-140313.nasl - Type : ACT_GATHER_INFO
2013-10-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_xinetd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1302.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1302.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-0499.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-057.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-0499.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_xinetd_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0499.nasl - Type : ACT_GATHER_INFO
2012-10-18 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e11955ca187c11e2be3600215af774f0.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-155.nasl - Type : ACT_GATHER_INFO
2012-05-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8041.nasl - Type : ACT_GATHER_INFO
2012-05-30 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8061.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:43:11
  • Multiple Updates