xinetd-2.3.14-38.AXS4

Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server arguments, and lets you bind specific services to specific IP addresses on your host machine. Each service has its own specific configuration file for Xinetd; the files are located in the /etc/xinetd.d directory.

Security issues fixed with this release:

CVE-2012-0862
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Fixed bugs:

• Previously, when xinetd was under heavy load, some file descriptors could remain open. The system log would also fill up with many messages, ending up taking a lot of space over time. This has been fixed.

• Previsouly, xinetd permanently disabled services when their CPS limit was reached, leading to potential failed bind operations when xinetd restarted the service. To fix this, services are now disabled only after 30 failures.