4 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. builtins.c de Xinetd en versiones anteriores a la 2.3.15 no comprueba el tipo de servicio cuando el servicio tcpmux-server está habilitado, lo que expone todos los servicios habilitados y permite a atacantes remotos evitar las restricciones de acceso previstas a través de una petición a tcpmux puerto 1. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html http://rhn.redhat.com/errata/RHSA-2013-1302.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:155 http://www.openwall.com/lists/oss-security/2012/05/09/5 http://www.openwall.com/lists/oss-security/2012/05/10/2 http://www.osvdb.org/81774 http://www.securityfocus.com/bid/53720 http://www.securitytracker. • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01 http://www.redhat.com/support/errata/RHSA-2001-092.html http://www.securityfocus.com/bid/2971 https://exchange.xforce.ibmcloud.com/vulnerabilities/6804 •

CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. • http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01 http://marc.info/?l=bugtraq&m=99913751525583&w=2 http://rhn.redhat.com/errata/RHSA-2001-109.html http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3 http://www.securityfocus.com/bid/3257 •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. • http://www.debian.org/security/2000/20000619 http://www.securityfocus.com/bid/1381 http://www.synack.net/xinetd https://exchange.xforce.ibmcloud.com/vulnerabilities/4986 •