Summary
The remote host is missing an update to xinetd announced via advisory DSA 151-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20151-1
Insight
Solar Designer found a vulnerability in xinetd, a replacement for the BSD-derived inetd. File descriptors for the signal pipe introduced in version 2.3.4 are leaked into services started from xinetd. The descriptors could be used to talk to xinetd, crashing it entirely. This is usually called a denial of service.
This problem has been fixed by the package maintainer in version 2.3.4-1.2 for the current stable distribution (woody) and in version 2.3.7-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the signal pipe.
We recommend that you upgrade your xinetd packages.
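The leak described above is ordinary descriptor inheritance across fork and exec. The following is an added example, not xinetd code and not the maintainer's fix: a pipe stands in for the signal pipe, and a started "service" checks whether it still holds the write end, first with default flags and then with FD_CLOEXEC set. The function name `service_inherits_pipe` is hypothetical, and the code assumes `/bin/sh` and `/dev/fd` are available.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustration only, not xinetd code. Creates a pipe standing in for the
 * super-server's internal signal pipe, starts a "service" with fork+exec,
 * and reports whether the service still holds the pipe's write end.
 * Returns 1 if the descriptor leaked, 0 if not, -1 on error.
 * Assumes /bin/sh and /dev/fd are available. */
int service_inherits_pipe(int set_cloexec)
{
    int p[2], status = 0;
    char cmd[64];

    if (pipe(p) != 0)
        return -1;
    if (set_cloexec) {
        /* Hardened: close-on-exec keeps both ends out of exec'd services. */
        if (fcntl(p[0], F_SETFD, FD_CLOEXEC) < 0 ||
            fcntl(p[1], F_SETFD, FD_CLOEXEC) < 0) {
            close(p[0]);
            close(p[1]);
            return -1;
        }
    }
    /* The service checks whether its copy of the descriptor exists. */
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", p[1]);

    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec failed */
    }
    close(p[0]);
    close(p[1]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) > 1)
        return -1; /* shell or exec error, not a yes/no answer */
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("default pipe leaked into service:    %d\n", service_inherits_pipe(0));
    printf("FD_CLOEXEC pipe leaked into service: %d\n", service_inherits_pipe(1));
    return 0;
}
```

The same check, listing `/proc/<pid>/fd` of a running service, shows on a live host whether a child holds descriptors it was never meant to have.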
Severity
Classification
- CVE: CVE-2002-0871
- CVSS Base Score: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)
- Debian Security Advisory DSA 1531-2 (policyd-weight)
- Debian Security Advisory DSA 1255-1 (libgtop2)
- Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)
- Debian Security Advisory DSA 198-1 (nullmailer)