PT-2013-1194 · Xinetd+4 · Xinetd+4

Octurite

Published

2013-10-07

Updated

2024-06-15

CVE-2013-4342

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions xinetd versions 2.3.14

Description The issue is related to xinetd not enforcing user and group configuration directives for TCPMUX services, causing these services to run as root. This makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. The vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations For xinetd version 2.3.14, consider disabling the TCPMUX services until a patch is available to prevent remote attackers from gaining privileges. Restrict access to sensitive information and services to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2018-2252

AZL-13592

AZL-35352

BDU:2015-07635

BDU:2015-07636

BDU:2015-09055

BDU:2015-09056

CESA-2013_1409

CVE-2013-4342

MGASA-2013-0302

OPENSUSE-SU-2024:10323-1

RHSA-2013:1409

RHSA-2013_1409

Affected Products

Alt Linux

Centos

Red Hat

Suse

Xinetd

PT-2013-1194 · Xinetd+4 · Xinetd+4

CVE-2013-4342

Weakness Enumeration

Related Identifiers

Affected Products

References · 26