xinetd Connection Filtering Via Hostname Vulnerability
BID:1381
Info
| Bugtraq ID: | 1381 |
| Class: | Origin Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2000 12:00AM |
| Updated: | Jun 04 2000 12:00AM |
| Credit: | This vulnerability was made public on the xinetd website, http://www.synack.net/xinetd |
| Vulnerable: | xinetd 2.1.8 9pre5, xinetd 2.1.8 9pre4, xinetd 2.1.8 9pre3, xinetd 2.1.8 9pre2, xinetd 2.1.8 9pre1, xinetd 2.1.8 8p2, xinetd 2.1.8 8p1, xinetd 2.1.8 8, xinetd 2.1.8 7 |
| Not Vulnerable: | xinetd 2.1.8 9pre7, xinetd 2.1.8 9pre6, xinetd 2.1.8 8p3 |
Discussion
A vulnerability exists in versions of xinetd prior to 2.1.8.8p3 and 2.1.8.9pre6. If a hostname rather than an IP address is used to limit access to a service (for instance, 'localhost' instead of 127.0.0.1), any connecting host that has no reverse DNS record will be allowed to connect when it should be denied.
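A simplified model of the access decision described above, added here as an illustration and not taken from the xinetd source: the function names, the lookup table and the addresses are constructed for the example. It contrasts a hostname check that allows a peer when the reverse lookup fails with one that denies it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed reverse-DNS table standing in for the resolver (sample data). */
struct ptr_rec { const char *ip; const char *name; };
static const struct ptr_rec PTR_TABLE[] = {
    { "127.0.0.1",  "localhost" },
    { "192.0.2.10", "client.example.org" },
    /* 198.51.100.7 deliberately has no reverse record */
};

/* Return the reverse name for ip, or NULL when no record exists. */
static const char *reverse_lookup(const char *ip) {
    for (size_t i = 0; i < sizeof PTR_TABLE / sizeof PTR_TABLE[0]; i++)
        if (strcmp(PTR_TABLE[i].ip, ip) == 0)
            return PTR_TABLE[i].name;
    return NULL;
}

/* Flawed model: a failed lookup skips the hostname comparison and
 * falls through to "allow", the outcome the advisory describes. */
int allow_fail_open(const char *peer_ip, const char *allowed_host) {
    const char *name = reverse_lookup(peer_ip);
    if (name != NULL && strcmp(name, allowed_host) != 0)
        return 0;               /* resolved to a different name: deny */
    return 1;                   /* name matched, OR lookup failed: allow */
}

/* Corrected model: no reverse record means no match, so deny. */
int allow_fail_closed(const char *peer_ip, const char *allowed_host) {
    const char *name = reverse_lookup(peer_ip);
    if (name == NULL)
        return 0;               /* unresolvable peer: deny */
    return strcmp(name, allowed_host) == 0;
}

int main(void) {
    const char *peers[] = { "127.0.0.1", "192.0.2.10", "198.51.100.7" };
    for (size_t i = 0; i < 3; i++)
        printf("%-13s fail-open=%d fail-closed=%d\n", peers[i],
               allow_fail_open(peers[i], "localhost"),
               allow_fail_closed(peers[i], "localhost"));
    return 0;
}
```

Only the peer without a reverse record is treated differently by the two checks; peers that resolve are handled identically.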
Exploit / POC
If the machine attempting to connect to the xinetd service has no reverse name record on the nameserver, it will be able to connect to the service successfully.
Solution / Fix
Solution:
Upgrading to version 2.1.8.8p3 or 2.1.8.9pre6, or later, will eliminate this vulnerability.
xinetd 2.1.8 9pre3
- 2.1.8.9pre7 http://www.synack.net/xinetd
xinetd 2.1.8 9pre5
- 2.1.8.9pre7 http://www.synack.net/xinetd
xinetd 2.1.8 9pre1
- 2.1.8.9pre7 http://www.synack.net/xinetd
xinetd 2.1.8 9pre4
- 2.1.8.9pre7 http://www.synack.net/xinetd
xinetd 2.1.8 7
xinetd 2.1.8 8p2
xinetd 2.1.8 9pre2
- 2.1.8.9pre7 http://www.synack.net/xinetd
xinetd 2.1.8 8p1
xinetd 2.1.8 8