{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1027050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027050"}, {"name": "[oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/09/5"}, {"name": "FEDORA-2012-8041", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html"}, {"name": "81774", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/81774"}, {"name": "xinetd-tcpmux-weak-security(75965)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75965"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=583311"}, {"name": "RHSA-2013:1302", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1302.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790940"}, {"name": "FEDORA-2012-8061", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html"}, {"name": "[oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/2"}, {"name": "53720", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53720"}, {"name": "MDVSA-2012:155", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:155"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xinetd.org/#changes"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0862", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1027050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027050"}, {"name": "[oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/09/5"}, {"name": "FEDORA-2012-8041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html"}, {"name": "81774", "refsource": "OSVDB", "url": "http://www.osvdb.org/81774"}, {"name": "xinetd-tcpmux-weak-security(75965)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75965"}, {"name": "https://bugzilla.redhat.com/attachment.cgi?id=583311", "refsource": "MISC", "url": "https://bugzilla.redhat.com/attachment.cgi?id=583311"}, {"name": "RHSA-2013:1302", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1302.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790940", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790940"}, {"name": "FEDORA-2012-8061", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html"}, {"name": "[oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/2"}, {"name": "53720", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53720"}, {"name": "MDVSA-2012:155", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:155"}, {"name": "http://www.xinetd.org/#changes", "refsource": "CONFIRM", "url": "http://www.xinetd.org/#changes"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:14.982Z"}, "title": "CVE Program Container", "references": [{"name": "1027050", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027050"}, {"name": "[oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/09/5"}, {"name": "FEDORA-2012-8041", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html"}, {"name": "81774", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/81774"}, {"name": "xinetd-tcpmux-weak-security(75965)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75965"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=583311"}, {"name": "RHSA-2013:1302", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1302.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790940"}, {"name": "FEDORA-2012-8061", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html"}, {"name": "[oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/2"}, {"name": "53720", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53720"}, {"name": "MDVSA-2012:155", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:155"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xinetd.org/#changes"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0862", "datePublished": "2012-06-04T20:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xinetd:xinetd:*:*:*:*:*:*:*:*", "matchCriteriaId": "5133E5DD-16A3-482A-A72E-0703F314C5E2", "versionEndIncluding": "2.3.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "82CB46D4-DF79-4464-8264-D65D0DA784E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "A45BAD0A-2620-4AC2-9774-41D1D6F61F57", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "9B48B3E9-43F9-4F83-A7DE-2FDAA10A2DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D8A6F25-6188-4A27-BAC8-38033A275BBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "C0E3C40F-C4BB-4518-B839-5A4FB1614679", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "A64D3005-CC91-4517-A4B0-4B1004163900", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "C6106B0C-7729-4AE8-821E-04A66638217F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "DBFD5892-FC9A-4909-B5BD-8769F792DD03", "vulnerable": true}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "5E3C6E61-F904-4711-B957-7EC6932A93ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1."}, {"lang": "es", "value": "builtins.c de Xinetd en versiones anteriores a la 2.3.15 no comprueba el tipo de servicio cuando el servicio tcpmux-server est\u00e1 habilitado, lo que expone todos los servicios habilitados y permite a atacantes remotos evitar las restricciones de acceso previstas a trav\u00e9s de una petici\u00f3n a tcpmux puerto 1."}], "id": "CVE-2012-0862", "lastModified": "2017-08-29T01:31:04.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-04T20:55:02.447", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1302.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:155"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/09/5"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/2"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/81774"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53720"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027050"}, {"source": "secalert@redhat.com", "url": "http://www.xinetd.org/#changes"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/attachment.cgi?id=583311"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790940"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75965"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Thomas Swan (FedEx) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2013:1302", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xinetd-2:2.3.14-19.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-09-30T00:00:00Z"}, {"advisory": "RHSA-2013:0499", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xinetd-2:2.3.14-38.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}], "bugzilla": {"description": "xinetd: enables unintentional services over tcpmux port", "id": "790940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790940"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1."], "name": "CVE-2012-0862", "public_date": "2012-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-0862\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0862"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low", "upstream_fix": "xinetd 2.3.15"}