{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201611-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xinetd-org/xinetd/pull/10"}, {"name": "RHSA-2013:1409", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.956Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201611-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201611-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xinetd-org/xinetd/pull/10"}, {"name": "RHSA-2013:1409", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4342", "datePublished": "2013-10-10T00:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.956Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xinetd:xinetd:-:*:*:*:*:*:*:*", "matchCriteriaId": "43ECBCF4-C433-4177-A0B4-6E560ED2B720", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."}, {"lang": "es", "value": "xinetd no fuerza la directriz de configuraci\u00f3n del usuario y grupo para servicios TCPMUX, lo que provoca que estos servicios sean ejecutados como root y hacer m\u00e1s sencillo para atacantes remotos obtener privilegios mediante el aprovechamiento de otra vulnerabilidad en un servicio."}], "id": "CVE-2013-4342", "lastModified": "2024-11-21T01:55:23.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-10T00:55:14.960", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"}, {"source": "secalert@redhat.com", "url": "https://github.com/xinetd-org/xinetd/pull/10"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201611-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/xinetd-org/xinetd/pull/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201611-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Thomas Swan (FedEx) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2013:1409", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xinetd-2:2.3.14-20.el5_10", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-10-07T00:00:00Z"}, {"advisory": "RHSA-2013:1409", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xinetd-2:2.3.14-39.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-10-07T00:00:00Z"}], "bugzilla": {"description": "xinetd: ignores user and group directives for tcpmux services", "id": "1006100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"}, "csaw": false, "cvss": {"cvss_base_score": "7.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-266->CWE-863", "details": ["xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."], "name": "CVE-2013-4342", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "xinetd", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2005-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4342\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4342"], "threat_severity": "Moderate"}