FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0862

This CVE name corresponds to:

Entered: 2012-10-17
Topic: xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-0862
Phase: Assigned (20120119)

Description

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

References

Source Reference
MLIST [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
MLIST [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port
MISC https://bugzilla.redhat.com/attachment.cgi?id=583311
MISC https://bugzilla.redhat.com/show_bug.cgi?id=790940
CONFIRM http://www.xinetd.org/#changes
FEDORA FEDORA-2012-8041
FEDORA FEDORA-2012-8061
MANDRIVA MDVSA-2012:155
REDHAT RHSA-2013:1302
BID 53720
OSVDB 81774
SECTRACK 1027050
XF xinetd-tcpmux-weak-security(75965)