Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE ID: CVE-2012-0862
Last Modified: 10 Oct 2013 11:41:21
Published: 04 Jun 2012 04:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0862

Summary

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Vulnerable Systems

Application

  • Xinetd 2.3.5
  • Xinetd 2.3.6
  • Xinetd 2.3.7
  • Xinetd 2.3.8
  • Xinetd 2.3.9
  • Xinetd 2.3.10
  • Xinetd 2.3.11
  • Xinetd 2.3.12
  • Xinetd 2.3.13
  • Xinetd 2.3.14

References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=790940

MISC - https://bugzilla.redhat.com/attachment.cgi?id=583311

XF - xinetd-tcpmux-weak-security(75965)

CONFIRM - http://www.xinetd.org/#changes

SECTRACK - 1027050

BID - 53720

OSVDB - 81774

MLIST - [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port

MLIST - [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port

FEDORA - FEDORA-2012-8041

FEDORA - FEDORA-2012-8061

MANDRIVA - MDVSA-2012:155

REDHAT - RHSA-2013:1302


Last Updated: 27 May 2016 10:47:11