Public Date:
CWE-266 -> CWE-863
1006100: CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services

The MITRE CVE dictionary describes this issue as:

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

Find out more about CVE-2013-4342 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 7.6
Base Metrics AV:N/AC:H/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 6 (xinetd) RHSA-2013:1409 2013-10-07
Red Hat Enterprise Linux version 5 (xinetd) RHSA-2013:1409 2013-10-07

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 xinetd Not affected


Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.