CVE-2013-4342

Published: Oct 10, 2013Modified: Apr 29, 2026

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 4.9 / Impact: 10.0

Source: NVD

Description

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

Affected (3)

Products: Xinetd: Xinetd · Redhat: Enterprise Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xinetd Xinetd	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5
Redhat Enterprise Linux	Version 6.0

Related CWEs

CWE-264

References (8)

http://rhn.redhat.com/errata/RHSA-2013-1409.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1006100

Source: secalert@redhat.com

ExploitPatch

https://github.com/xinetd-org/xinetd/pull/10

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201611-06

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1409.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1006100

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://github.com/xinetd-org/xinetd/pull/10

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201611-06

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.