Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28589
HistoryOct 01, 2012 - 12:00 a.m.

CVE-2012-0862

2012-10-0100:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2012:155
http://www.mandriva.com/security/

Package : xinetd
Date : September 28, 2012
Affected: Enterprise Server 5.0

Problem Description:

A security issue was identified and fixed in xinetd:

builtins.c in Xinetd before 2.3.15 does not check the service type
when the tcpmux-server service is enabled, which exposes all enabled
services and allows remote attackers to bypass intended access
restrictions via a request to tcpmux port 1 (CVE-2012-0862).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862

Updated Packages:

Mandriva Enterprise Server 5:
ee80cce6de9576a6203e885417b23f8e mes5/i586/xinetd-2.3.14-9.1mdvmes5.2.i586.rpm
a36ab79e05ba302d2f3161c282d78176 mes5/i586/xinetd-simple-services-2.3.14-9.1mdvmes5.2.i586.rpm
58a1b7981a34d90cfe189073101f693e mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
6f1de1f720a323d3140064ff926afd9e mes5/x86_64/xinetd-2.3.14-9.1mdvmes5.2.x86_64.rpm
54a66d86468ec9ffe6db272fa5684f01 mes5/x86_64/xinetd-simple-services-2.3.14-9.1mdvmes5.2.x86_64.rpm
58a1b7981a34d90cfe189073101f693e mes5/SRPMS/xinetd-2.3.14-9.1mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQZYRJmqjQ0CJFipgRAq50AKDqxyDefIb3S4vLFbBD1sLI92fL6ACg4bJs
3BpHMREDN4brblls5KUW9GA=
=9rHS
-----END PGP SIGNATURE-----

Related

openvas 16
nessus 16
securityvulns 1
redhat 2
centos 2
oraclelinux 2
veracode 1
fedora 2
freebsd 1
prion 1
ubuntucve 1
cve 1
debiancve 1
seebug 1
openvas
openvas
Fedora Update for xinetd FEDORA-2012-8061
2012-06-01 00:00:00
RedHat Update for xinetd RHSA-2013:0499-02
2013-02-22 00:00:00
Fedora Update for xinetd FEDORA-2012-8041
2012-06-01 00:00:00
nessus
nessus
RHEL 6 : xinetd (RHSA-2013:0499)
2013-02-21 00:00:00
Scientific Linux Security Update : xinetd on SL5.x i386/x86_64 (20130930)
2013-10-10 00:00:00
FreeBSD : xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled (e11955ca-187c-11e2-be36-00215af774f0)
2012-10-18 00:00:00
securityvulns
securityvulns
xinitd restrictions bypass
2012-10-01 00:00:00
redhat
redhat
(RHSA-2013:0499) Low: xinetd security and bug fix update
2013-02-21 00:00:00
(RHSA-2013:1302) Low: xinetd security and bug fix update
2013-09-30 16:52:28
centos
centos
xinetd security update
2013-10-07 13:02:36
xinetd security update
2013-02-27 19:40:03
oraclelinux
oraclelinux
xinetd security and bug fix update
2013-10-02 00:00:00
xinetd security and bug fix update
2013-02-22 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:57:01
fedora
fedora
[SECURITY] Fedora 16 Update: xinetd-2.3.14-47.fc16
2012-05-29 10:23:48
[SECURITY] Fedora 15 Update: xinetd-2.3.14-37.fc15
2012-05-29 10:28:15
freebsd
freebsd
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
2012-02-15 00:00:00
prion
prion
Design/Logic Flaw
2012-06-04 20:55:00
ubuntucve
ubuntucve
CVE-2012-0862
2012-06-04 00:00:00
cve
cve
CVE-2012-0862
2012-06-04 20:55:00
debiancve
debiancve
CVE-2012-0862
2012-06-04 20:55:00
seebug
seebug
Xinetd &lt; 2.3.15 安全限制绕过漏洞
2012-05-30 00:00:00
JSON
Related for SECURITYVULNS:DOC:28589
openvas16nessus16securityvulns1redhat2centos2oraclelinux2veracode1fedora2freebsd1prion1ubuntucve1cve1debiancve1seebug1