Xinetd CVE-2012-0862 Security Bypass Vulnerability
BID:53720
Info
Xinetd CVE-2012-0862 Security Bypass Vulnerability
| Bugtraq ID: | 53720 |
| Class: | Design Error |
| CVE: |
CVE-2012-0862 |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2012 12:00AM |
| Updated: | Apr 13 2015 09:20PM |
| Credit: | Thomas Swan |
| Vulnerable: |
Xinetd Xinetd 2.3.12 Xinetd Xinetd 2.3.11 Xinetd Xinetd 2.3.10 Xinetd Xinetd 2.3.9 Xinetd Xinetd 2.3.8 Xinetd Xinetd 2.3.7 Xinetd Xinetd 2.3.6 Xinetd Xinetd 2.3.5 Xinetd Xinetd 2.3.4 Xinetd Xinetd 2.3.3 Xinetd Xinetd 2.3.2 Xinetd Xinetd 2.3.1 Xinetd Xinetd 2.3 Xinetd Xinetd 2.3.14 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 CentOS CentOS 6 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya Meeting Exchange 6.0 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: |
Xinetd Xinetd 2.3.15 |
Discussion
Xinetd CVE-2012-0862 Security Bypass Vulnerability
Xinetd is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass intended security restrictions of the firewall and gain access to the services through the tcpmux port. This may aid in further attacks.
Xinetd is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass intended security restrictions of the firewall and gain access to the services through the tcpmux port. This may aid in further attacks.
Exploit / POC
Xinetd CVE-2012-0862 Security Bypass Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Xinetd CVE-2012-0862 Security Bypass Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
Mandriva Linux Mandrake 2011
Solution:
Vendor updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva xinetd-2.3.14-9.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva xinetd-simple-services-2.3.14-9.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
-
Mandriva xinetd-2.3.14-13.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva xinetd-simple-services-2.3.14-13.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/
References
Xinetd CVE-2012-0862 Security Bypass Vulnerability
References:
References: