Mandriva Update For Xinetd MDVSA-2012:155-1 (xinetd) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A security issue was identified and fixed in xinetd: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (CVE-2012-0862). The updated packages have been patched to correct this issue.

Affected

xinetd on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-0862

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:186 (firebird)
Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:010 (qemu)
Mandrake Security Advisory MDVSA-2009:027 (cups)
Mandrake Security Advisory MDVSA-2009:161-1 (squid)

Mandriva Update for xinetd MDVSA-2012:155-1 (xinetd)

Take action and discover your vulnerabilities