Debian DSA-151-1 : xinetd

NASLDB: Debian DSA-151-1 : xinetd - pipe exposure

General

ID: 14988
Name: Debian DSA-151-1 : xinetd – pipe exposure

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd. File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd. The
descriptors could be used to talk to xinetd resulting in crashing it
entirely. This is usually called a denial of service.

This problem has been fixed by the package maintainer in version
2.3.4-1.2 for the current stable distribution (woody) and in version
2.3.7-1 for the unstable distribution (sid). The old stable
distribution (potato) is not affected, since it doesn’t contain the
signal pipe.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2002-0871
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2002/08/13
Plugin Release: 2004/09/29

Plugin

Version: 1.13
Filename: debian_DSA-151.nasl
Filesize: 3200 bytes
MD5 Hash: 77be036489c0aa60cf05657a28616950

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG