CVE-2013-4342
xinetd: ignores user and group directives for tcpmux services
Severity Score: 7.6 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
Credits: N/A
Timeline
- 2013-06-12 CVE Reserved
- 2013-10-07 CVE Published
- 2023-10-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-863: Incorrect Authorization
References (5)
URL | Tag | Date |
---|---|---|
https://github.com/xinetd-org/xinetd/pull/10 | X_refsource_confirm | |
https://bugzilla.redhat.com/show_bug.cgi?id=1006100 | | 2024-08-06 |
http://rhn.redhat.com/errata/RHSA-2013-1409.html | | 2023-02-13 |
https://security.gentoo.org/glsa/201611-06 | | 2023-02-13 |
https://access.redhat.com/security/cve/CVE-2013-4342 | | 2013-10-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xinetd | Xinetd | - | - | Affected |
Redhat | Enterprise Linux | 5 | - | Affected |
Redhat | Enterprise Linux | 6.0 | - | Affected |