Vulnerability Details CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.153
EPSS Ranking 94.4%
CVSS Severity
CVSS v2 Score 7.6
References
- http://rhn.redhat.com/errata/RHSA-2013-1409.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1006100
- https://github.com/xinetd-org/xinetd/pull/10
- https://security.gentoo.org/glsa/201611-06
- http://rhn.redhat.com/errata/RHSA-2013-1409.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1006100
- https://github.com/xinetd-org/xinetd/pull/10
- https://security.gentoo.org/glsa/201611-06
Products affected by CVE-2013-4342
-
cpe:2.3:a:xinetd:xinetd:-
-
cpe:2.3:o:redhat:enterprise_linux:5
-
cpe:2.3:o:redhat:enterprise_linux:6.0