CVE-2013-4342: xinetd ignores user and group directives for TCPMUX services #10

Merged
merged 1 commit into from Jan 5, 2016

octurite commented Oct 3, 2013

Originally reported to Debian in 2005 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 and rediscovered https://bugzilla.redhat.com/show_bug.cgi?id=1006100, xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration, allowing the service to run with the same privilege as the xinetd process (root).

CVE-2013-4342: xinetd: ignores user and group directives for TCPMUX services

Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration, allowing the service to run with the same privilege as the xinetd process (root).
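
A configuration audit for the behaviour described above, as an added example (not code from this pull request or the xinetd project): it parses xinetd service blocks and lists TCPMUX/TCPMUXPLUS services whose `user` or `group` directive names a non-root identity, which an xinetd without this fix would not apply. The function names and the sample configuration are constructed for illustration, and `includedir` files are not followed.

```python
import re

TCPMUX_TYPES = {"TCPMUX", "TCPMUXPLUS"}  # service types reached through tcpmux
ROOT_NAMES = {"root", "0"}

def parse_services(text):
    """Parse 'service NAME { attr = value ... }' blocks; 'defaults' is skipped."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            if m := re.fullmatch(r"service\s+(\S+)", line):
                current = {"name": m.group(1), "attrs": {}}
        elif line == "}":
            services.append(current)
            current = None
        elif m := re.fullmatch(r"(\w+)\s*[+-]?=\s*(.*)", line):
            current["attrs"][m.group(1)] = m.group(2).split()
    return services

def ignored_identity_directives(text):
    """List (service, directive, value) where a TCPMUX service names a non-root identity."""
    findings = []
    for svc in parse_services(text):
        if not TCPMUX_TYPES & set(svc["attrs"].get("type", [])):
            continue  # not dispatched through tcpmux
        for directive in ("user", "group"):
            for value in svc["attrs"].get(directive, []):
                if value not in ROOT_NAMES:
                    findings.append((svc["name"], directive, value))
    return findings

# Constructed sample configuration (hypothetical service, not from a real host).
SAMPLE = """
service report
{
    type   = TCPMUX
    user   = nobody
    group  = nogroup
    server = /usr/local/bin/report
}
"""

if __name__ == "__main__":
    for name, directive, value in ignored_identity_directives(SAMPLE):
        print(f"{name}: '{directive} = {value}' is not applied without the fix")
```
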

synacknet added a commit that referenced this pull request Jan 5, 2016

Merge pull request #10 from octurite/dev/octurite/tcpmux-droppriv-fix
CVE-2013-4342: xinetd ignores user and group directives for TCPMUX services

@synacknet synacknet merged commit e7c1ba4 into xinetd-org:master Jan 5, 2016

zr000 commented Apr 26, 2016

Is SUSE Linux Enterprise Server 10 SP2 affected by the vulnerability?
