CVE-2012-0862

Published: Jun 4, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Affected (10)

Products: Xinetd: Xinetd

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Xinetd Xinetd	Up to 2.3.14
Xinetd Xinetd	Version 2.3.10
Xinetd Xinetd	Version 2.3.11
Xinetd Xinetd	Version 2.3.12
Xinetd Xinetd	Version 2.3.13
Xinetd Xinetd	Version 2.3.5
Xinetd Xinetd	Version 2.3.6
Xinetd Xinetd	Version 2.3.7
Xinetd Xinetd	Version 2.3.8
Xinetd Xinetd	Version 2.3.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1302.html

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:155

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/09/5

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/10/2

Source: secalert@redhat.com

http://www.osvdb.org/81774

Source: secalert@redhat.com

http://www.securityfocus.com/bid/53720

Source: secalert@redhat.com

http://www.securitytracker.com/id?1027050

Source: secalert@redhat.com

http://www.xinetd.org/#changes

Source: secalert@redhat.com

https://bugzilla.redhat.com/attachment.cgi?id=583311

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=790940

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/75965

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1302.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:155

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/09/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/10/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/81774

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53720

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027050

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.xinetd.org/#changes

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/attachment.cgi?id=583311

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=790940

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/75965

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.