3 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. builtins.c de Xinetd en versiones anteriores a la 2.3.15 no comprueba el tipo de servicio cuando el servicio tcpmux-server está habilitado, lo que expone todos los servicios habilitados y permite a atacantes remotos evitar las restricciones de acceso previstas a través de una petición a tcpmux puerto 1. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html http://rhn.redhat.com/errata/RHSA-2013-1302.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:155 http://www.openwall.com/lists/oss-security/2012/05/09/5 http://www.openwall.com/lists/oss-security/2012/05/10/2 http://www.osvdb.org/81774 http://www.securityfocus.com/bid/53720 http://www.securitytracker. • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 8%CPEs: 11EXPL: 2

Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. Fuga de memoria en xinetd 2.3.10 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante un número grande de conexiones rechazadas. • https://www.exploit-db.com/exploits/22508 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782 http://marc.info/?l=bugtraq&m=105068673220605&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:056 http://www.redhat.com/support/errata/RHSA-2003-160.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657 https://access.redhat.com/security/cve/CVE-2003-0211 ht •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01 http://www.redhat.com/support/errata/RHSA-2001-092.html http://www.securityfocus.com/bid/2971 https://exchange.xforce.ibmcloud.com/vulnerabilities/6804 •