CVSS: 7.6EPSS: 1%CPEs: 3EXPL: 1CVE-2013-4342 – xinetd: ignores user and group directives for tcpmux services
https://notcve.org/view.php?id=CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. xinetd no fuerza la directriz de configuración del usuario y grupo para servicios TCPMUX, lo que provoca que estos servicios sean ejecutados como root y hacer más sencillo para atacantes remotos obtener privilegios mediante el aprovechamiento de otra vulnerabilidad en un servicio. • http://rhn.redhat.com/errata/RHSA-2013-1409.html https://bugzilla.redhat.com/show_bug.cgi?id=1006100 https://github.com/xinetd-org/xinetd/pull/10 https://security.gentoo.org/glsa/201611-06 https://access.redhat.com/security/cve/CVE-2013-4342 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0862 – xinetd: enables unintentional services over tcpmux port
https://notcve.org/view.php?id=CVE-2012-0862
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. builtins.c de Xinetd en versiones anteriores a la 2.3.15 no comprueba el tipo de servicio cuando el servicio tcpmux-server está habilitado, lo que expone todos los servicios habilitados y permite a atacantes remotos evitar las restricciones de acceso previstas a través de una petición a tcpmux puerto 1. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html http://rhn.redhat.com/errata/RHSA-2013-1302.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:155 http://www.openwall.com/lists/oss-security/2012/05/09/5 http://www.openwall.com/lists/oss-security/2012/05/10/2 http://www.osvdb.org/81774 http://www.securityfocus.com/bid/53720 http://www.securitytracker. • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 8%CPEs: 11EXPL: 2CVE-2003-0211 – Xinetd 2.1.x/2.3.x - Rejected Connection Memory Leakage Denial of Service
https://notcve.org/view.php?id=CVE-2003-0211
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. Fuga de memoria en xinetd 2.3.10 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante un número grande de conexiones rechazadas. • https://www.exploit-db.com/exploits/22508 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782 http://marc.info/?l=bugtraq&m=105068673220605&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:056 http://www.redhat.com/support/errata/RHSA-2003-160.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657 https://access.redhat.com/security/cve/CVE-2003-0211 ht •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0871
https://notcve.org/view.php?id=CVE-2002-0871
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. xinetd 2.3.4. filtra (deja ver) descriptores de ficheros para la tubería (pipe) de señales de servicios lanzados por xinetd, lo que podría permitir a esos servicios causar una denegación de servicio mediante la tubería. • http://marc.info/?l=bugtraq&m=102935383506155&w=2 http://www.iss.net/security_center/static/9844.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php http://www.redhat.com/support/errata/RHSA-2002-196.html http://www.redhat.com/support/errata/RHSA-2003-228.html http://www.securityfocus.com/bid/5458 https://www.debian.org/security/2002/dsa-151 https://access.redhat.com/security/cve/CVE-2002-0871 https://bugzilla.redhat.com/show_bug.cgi?id= •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2001-0825
https://notcve.org/view.php?id=CVE-2001-0825
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01 http://www.redhat.com/support/errata/RHSA-2001-092.html http://www.securityfocus.com/bid/2971 https://exchange.xforce.ibmcloud.com/vulnerabilities/6804 •