Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53411
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 151-1 (xinetd)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to xinetd
announced via advisory DSA 151-1.

Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd. File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd. The
descriptors could be used to talk to xinetd resulting in crashing it
entirely. This is usually called a denial of service.

This problem has been fixed by the package maintainer in version
2.3.4-1.2 for the current stable distribution (woody) and in version
2.3.7-1 for the unstable distribution (sid). The old stable
distribution (potato) is not affected, since it doesn't contain the
signal pipe.

We recommend that you upgrade your xinetd packages.


Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%20151-1

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: BugTraq ID: 5458
Common Vulnerability Exposure (CVE) ID: CVE-2002-0871
http://www.securityfocus.com/bid/5458
Bugtraq: 20020814 GLSA: xinetd (Google Search)
http://marc.info/?l=bugtraq&m=102935383506155&w=2
Debian Security Information: DSA-151 (Google Search)
https://www.debian.org/security/2002/dsa-151
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
http://www.redhat.com/support/errata/RHSA-2002-196.html
http://www.redhat.com/support/errata/RHSA-2003-228.html
http://www.iss.net/security_center/static/9844.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.