
CVSS: 4.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
http://rhn.redhat.com/errata/RHSA-2013-1302.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
http://www.openwall.com/lists/oss-security/2012/05/09/5
http://www.openwall.com/lists/oss-security/2012/05/10/2
http://www.osvdb.org/81774
http://www.securityfocus.com/bid/53720
http://www.securitytracker.

CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 1% | CPEs: 4 | EXPL: 0

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
http://www.redhat.com/support/errata/RHSA-2001-092.html
http://www.securityfocus.com/bid/2971
https://exchange.xforce.ibmcloud.com/vulnerabilities/6804

CVSS: 7.5 | EPSS: 5% | CPEs: 16 | EXPL: 0

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.

References:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01
http://marc.info/?l=bugtraq&m=99913751525583&w=2
http://rhn.redhat.com/errata/RHSA-2001-109.html
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3
http://www.securityfocus.com/bid/3257

CVSS: 3.6 | EPSS: 0% | CPEs: 16 | EXPL: 0

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
http://www.debian.org/security/2001/dsa-063
http://www.iss.net/security_center/static/6657.php
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
http://www.linuxsecurity.com/advisories/other_advisory-1469.html
http://www.redhat.com/support/errata/RHSA-2001-075.html
http://www.securityfocus.com/bid/2826