Test ID:	1.3.6.1.4.1.25623.1.0.50875
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2001:055-1 (xinetd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xinetd announced via advisory MDKSA-2001:055-1. A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do not set permissions themselves (like SWAT, a web configuration tool for Samba), will create world writable files. This update sets the default umask to 022. Update: This update forces the TMPDIR to /tmp instead of obtaining it from the root user by default, which uses /root/tmp. As well, this version of xinetd also fixed a possible buffer overflow in the logging code that was reported by zen-parse on bugtraq, but was not mentioned in the previous advisory. Affected versions: 7.2, 8.0, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2001:055-1 http://www.securityfocus.com/bid/2826 http://www.securityfocus.com/bid/2840 http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.