CVE-2013-4342

Published: 10/10/2013 Updated: 13/02/2023
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote malicious users to gain privileges by leveraging another vulnerability in a service.

Vulnerable Product

xinetd xinetd -

redhat enterprise linux 6.0

redhat enterprise linux 5

Vendor Advisories

Synopsis: Moderate: xinetd security update. Type/Severity: Security Advisory: Moderate. Topic: An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerab ...
Debian Bug report logs - #324678: xinetd: CVE-2013-4342: tcpmux does not change the uid of server process. Package: xinetd; Maintainer for xinetd is Salvo 'LtWorf' Tomaselli <tiposchi@tiscali.it>; Source for xinetd is src:xinetd (PTS, buildd, popcon). Reported by: Philipp Grau <phgrau@zedat.fu-berlin.de>. Date: Tue, 23 ...
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342) ...