xinetd: CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 the patch come from: https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff (From OE-Core rev: c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
d1cb9ec1c2
commit
bd477cd98b
|
@ -0,0 +1,32 @@
|
|||
xinetd: CVE-2013-4342
|
||||
|
||||
xinetd does not enforce the user and group configuration directives
|
||||
for TCPMUX services, which causes these services to be run as root
|
||||
and makes it easier for remote attackers to gain privileges by
|
||||
leveraging another vulnerability in a service.
|
||||
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
|
||||
|
||||
the patch come from:
|
||||
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
|
||||
|
||||
Signed-off-by: Li Wang <li.wang@windriver.com>
|
||||
---
|
||||
xinetd/builtins.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
|
||||
index 3b85579..34a5bac 100644
|
||||
--- a/xinetd/builtins.c
|
||||
+++ b/xinetd/builtins.c
|
||||
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
|
||||
if( SC_IS_INTERNAL( scp ) ) {
|
||||
SC_INTERNAL(scp, nserp);
|
||||
} else {
|
||||
- exec_server(nserp);
|
||||
+ child_process(nserp);
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
1.7.9.5
|
||||
|
|
@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \
|
|||
file://Various-fixes-from-the-previous-maintainer.patch \
|
||||
file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
|
||||
file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
|
||||
file://xinetd-CVE-2013-4342.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"
|
||||
|
|
Loading…
Reference in New Issue