Vulnerability Description
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xinetd | Xinetd | - |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1409.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1006100ExploitPatch
- https://github.com/xinetd-org/xinetd/pull/10
- https://security.gentoo.org/glsa/201611-06
- http://rhn.redhat.com/errata/RHSA-2013-1409.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1006100ExploitPatch
- https://github.com/xinetd-org/xinetd/pull/10
- https://security.gentoo.org/glsa/201611-06
FAQ
What is CVE-2013-4342?
CVE-2013-4342 is a vulnerability with a CVSS score of 7.6 (HIGH). xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by le...
How severe is CVE-2013-4342?
CVE-2013-4342 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4342?
Check the references section above for vendor advisories and patch information. Affected products include: Xinetd Xinetd, Redhat Enterprise Linux.