Description
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027050
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/09/5
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81774
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/attachment.cgi?id=583311
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1302.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=790940
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/10/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53720
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
Various Sources x_refsource_confirm
http://www.xinetd.org/#changes
Scores
EPSS
0.0278
EPSS Percentile
84.7%
Details
CWE
CWE-20
Status
published
Products (10)
xinetd/xinetd
2.3.5
xinetd/xinetd
2.3.6
xinetd/xinetd
2.3.7
xinetd/xinetd
2.3.8
xinetd/xinetd
2.3.9
xinetd/xinetd
2.3.10
xinetd/xinetd
2.3.11
xinetd/xinetd
2.3.12
xinetd/xinetd
2.3.13
xinetd/xinetd
< 2.3.14
Published
Jun 04, 2012
Tracked Since
Feb 18, 2026