xinetd-2.3.14-20.AXS3

エラータID: AXSA:2013-656:02

Release date: 
Friday, October 18, 2013 - 11:58
Subject: 
xinetd-2.3.14-20.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server arguments, and lets you bind specific services to specific IP addresses on your host machine. Each service has its own specific configuration file for Xinetd; the files are located in the /etc/xinetd.d directory.

Security issues fixed with this release:

CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

Solution: 

Update packages.

CVEs: 
CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.


Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. xinetd-2.3.14-20.AXS3.i386.rpm
    MD5: 9608068264b443b89644d01afd134e1a
    SHA-256: d4a4a3a9388f399f6ab631f20f9ee980a1eebc6fccdf624405d1f28722a3b578
    Size: 127.42 kB

Asianux Server 3 for x86_64
  1. xinetd-2.3.14-20.AXS3.x86_64.rpm
    MD5: 75f1bcb92fb36b48a0976e0cd19e8829
    SHA-256: 733052a76f2a49d33e4bdf83f1aae11d0a726af40ae70e84e0501f7107848115
    Size: 128.05 kB