Red Hat Customer Portal

Skip to main content

CVE-2013-4342

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

Details Source

Mitre

Public Date

2005-08-23 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services

Bugzilla ID

1 006 100

CVSS Status

verified

Base Score

7.60

Base Metrics

AV:N/AC:H/Au:N/C:C/I:C/A:C

Acknowledgements

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (xinetd) RHSA-2013:1409 2013-10-07
Red Hat Enterprise Linux 5 (xinetd) RHSA-2013:1409 2013-10-07

CWE

CWE-266->CWE-863

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 xinetd Not affected