Bug 2937 - [UPDATE REQUEST] [UPSTREAM UPDATE] xinetd
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2013-10-18 15:10 MSD by Andrew Lukoshko
Modified: 2013-10-29 18:14 MSK (History)
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Description Andrew Lukoshko 2013-10-18 15:10:51 MSD
It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user. (CVE-2013-4342)

http://rhn.redhat.com/errata/RHSA-2013-1409.html

https://abf.rosalinux.ru/build_lists/1339437
https://abf.rosalinux.ru/build_lists/1339438
Comment 1 Vladimir Potapov 2013-10-25 14:49:38 MSD
xinetd-2.3.14-39.res6
********************* RHEL Advisory ********************
It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user. (CVE-2013-4342)
********************************************************
QA Verified
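
A configuration audit for the flaw described in this report, as an added example that is not part of the bug report or of xinetd itself: it lists services of type TCPMUX or TCPMUXPLUS (the ones started through tcpmux-server) whose user or group directive an affected build would ignore. The sample configuration, its service names and its paths are constructed and trimmed to the attributes the check reads.

```python
import re
# Constructed sample in xinetd.conf syntax; service names and paths are made up.
SAMPLE_CONF = """
service tcpmux
{
    type   = INTERNAL
    id     = tcpmux-server
}
service reportgen
{
    type   = TCPMUXPLUS UNLISTED
    user   = nobody
    group  = nobody
    server = /usr/local/bin/reportgen
}
service rootjob
{
    type   = TCPMUX UNLISTED
}
"""

def parse_services(text):
    """Parse xinetd 'service NAME { attr = value }' blocks into (name, attrs) pairs."""
    services, name, attrs = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank line or comment line
        m = re.match(r"service\s+(\S+)$", line)
        if m and attrs is None:
            name = m.group(1)
        elif line == "{" and name is not None:
            attrs = {}
        elif line == "}" and attrs is not None:
            services.append((name, attrs))
            name, attrs = None, None
        elif attrs is not None and (m := re.match(r"(\w+)\s*\+?=\s*(.*)$", line)):
            attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return services

def tcpmux_privilege_findings(text):
    """Return (name, user, group) for TCPMUX services that ask for a non-root user or a group."""
    findings = []
    for name, attrs in parse_services(text):
        muxed = {"TCPMUX", "TCPMUXPLUS"} & {t.upper() for t in attrs.get("type", [])}
        user = (attrs.get("user") or ["root"])[0]
        group = (attrs.get("group") or [None])[0]
        if muxed and (user not in ("root", "0") or group is not None):
            findings.append((name, user, group))
    return findings
```

Each finding is a service that, on a build affected by CVE-2013-4342, would run as root despite its configuration.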