Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29931
HistoryOct 12, 2013 - 12:00 a.m.

[ MDVSA-2013:248 ] xinetd

2013-10-1200:00:00
vulners.com
11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2013:248
http://www.mandriva.com/en/support/security/


Package : xinetd
Date : October 10, 2013
Affected: Business Server 1.0, Enterprise Server 5.0


Problem Description:

Updated xinetd package fixes security vulnerability:

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This
flaw could cause the associated services to run as root. If there was
a flaw in such a service, a remote attacker could use it to execute
arbitrary code with the privileges of the root user (CVE-2013-4342).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
http://advisories.mageia.org/MGASA-2013-0302.html


Updated Packages:

Mandriva Enterprise Server 5:
7976fe68c2fbf71a2df62a39f2128fe2 mes5/i586/xinetd-2.3.14-9.2mdvmes5.2.i586.rpm
5cf2234e84b17e0a281523cab4a5c7d5 mes5/i586/xinetd-simple-services-2.3.14-9.2mdvmes5.2.i586.rpm
b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
56b91a23fb44b3464e1d7efa852211a1 mes5/x86_64/xinetd-2.3.14-9.2mdvmes5.2.x86_64.rpm
81cfdaeae19dc5c65572147fc054c092 mes5/x86_64/xinetd-simple-services-2.3.14-9.2mdvmes5.2.x86_64.rpm
b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
71c6525d8fd04f94fcf6bfc9fefd5ead mbs1/x86_64/xinetd-2.3.15-1.1.mbs1.x86_64.rpm
386144202dbe1cd6f4a3cab2cbce77c1 mbs1/x86_64/xinetd-simple-services-2.3.15-1.1.mbs1.x86_64.rpm
d36307cca323809a2af5903761acccd2 mbs1/SRPMS/xinetd-2.3.15-1.1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSVom8mqjQ0CJFipgRAuiwAKC+inrDgN2oEvpG4qZQjL0W8g48gQCdGSjd
FcITRUBzVmGhwlzn3W1T9XQ=
=VyVe
-----END PGP SIGNATURE-----