CVE-2012-0862 – xinetd: enables unintentional services over tcpmux port
https://notcve.org/view.php?id=CVE-2012-0862
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. builtins.c de Xinetd en versiones anteriores a la 2.3.15 no comprueba el tipo de servicio cuando el servicio tcpmux-server está habilitado, lo que expone todos los servicios habilitados y permite a atacantes remotos evitar las restricciones de acceso previstas a través de una petición a tcpmux puerto 1. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html http://rhn.redhat.com/errata/RHSA-2013-1302.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:155 http://www.openwall.com/lists/oss-security/2012/05/09/5 http://www.openwall.com/lists/oss-security/2012/05/10/2 http://www.osvdb.org/81774 http://www.securityfocus.com/bid/53720 http://www.securitytracker. • CWE-20: Improper Input Validation •
CVE-2003-0211 – Xinetd 2.1.x/2.3.x - Rejected Connection Memory Leakage Denial of Service
https://notcve.org/view.php?id=CVE-2003-0211
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. Fuga de memoria en xinetd 2.3.10 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante un número grande de conexiones rechazadas. • https://www.exploit-db.com/exploits/22508 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782 http://marc.info/?l=bugtraq&m=105068673220605&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:056 http://www.redhat.com/support/errata/RHSA-2003-160.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657 https://access.redhat.com/security/cve/CVE-2003-0211 ht •
CVE-2002-0871
https://notcve.org/view.php?id=CVE-2002-0871
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. xinetd 2.3.4. filtra (deja ver) descriptores de ficheros para la tubería (pipe) de señales de servicios lanzados por xinetd, lo que podría permitir a esos servicios causar una denegación de servicio mediante la tubería. • http://marc.info/?l=bugtraq&m=102935383506155&w=2 http://www.iss.net/security_center/static/9844.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php http://www.redhat.com/support/errata/RHSA-2002-196.html http://www.redhat.com/support/errata/RHSA-2003-228.html http://www.securityfocus.com/bid/5458 https://www.debian.org/security/2002/dsa-151 https://access.redhat.com/security/cve/CVE-2002-0871 https://bugzilla.redhat.com/show_bug.cgi?id= •
CVE-2001-0825
https://notcve.org/view.php?id=CVE-2001-0825
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01 http://www.redhat.com/support/errata/RHSA-2001-092.html http://www.securityfocus.com/bid/2971 https://exchange.xforce.ibmcloud.com/vulnerabilities/6804 •
CVE-2001-1389
https://notcve.org/view.php?id=CVE-2001-1389
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. • http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01 http://marc.info/?l=bugtraq&m=99913751525583&w=2 http://rhn.redhat.com/errata/RHSA-2001-109.html http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3 http://www.securityfocus.com/bid/3257 •