Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame] | 1 | xinetd: CVE-2013-4342 |
| 2 | |
| 3 | xinetd does not enforce the user and group configuration directives |
| 4 | for TCPMUX services, which causes these services to be run as root |
| 5 | and makes it easier for remote attackers to gain privileges by |
| 6 | leveraging another vulnerability in a service. |
| 7 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 |
| 8 | |
| 9 | the patch come from: |
| 10 | https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff |
| 11 | |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 12 | CVE: CVE-2013-4342 |
Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame] | 13 | Signed-off-by: Li Wang <li.wang@windriver.com> |
| 14 | --- |
| 15 | xinetd/builtins.c | 2 +- |
| 16 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 17 | |
| 18 | diff --git a/xinetd/builtins.c b/xinetd/builtins.c |
| 19 | index 3b85579..34a5bac 100644 |
| 20 | --- a/xinetd/builtins.c |
| 21 | +++ b/xinetd/builtins.c |
| 22 | @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) |
| 23 | if( SC_IS_INTERNAL( scp ) ) { |
| 24 | SC_INTERNAL(scp, nserp); |
| 25 | } else { |
| 26 | - exec_server(nserp); |
| 27 | + child_process(nserp); |
| 28 | } |
| 29 | } |
| 30 | |
| 31 | -- |
| 32 | 1.7.9.5 |
| 33 | |