xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

An update of the xinetd package has been released.

The version of xinetd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2013-4342 advisory.

  - xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes     these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging     another vulnerability in a service. (CVE-2013-4342)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201611-06 (xinetd: Privilege escalation)

    Xinetd does not enforce the user and group configuration directives for       TCPMUX services, which causes these services to be run as root.
  Impact :

    Attackers could escalate privileges outside of the running process.
  Workaround :

    There is no known workaround at this time.

Xinetd receives a LTSS roll-up update to fix two security issues.

  - CVE-2012-0862: xinetd enabled all services when tcp     multiplexing is used.

  - CVE-2013-4342: xinetd ignored user and group directives     for tcpmux services, running services as root.

While both issues are not so problematic on their own, in combination the impact is greater and enabling tcpmux would be risky.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

xinetd was updated to receive security fixes and a bug fix.

Security issues fixed :

  - CVE-2013-4342 (bnc#844230)

  - xinetd ignored user and group directives for tcpmux     services

  - CVE-2012-0862 (bnc#762294)

  - xinetd enabled all services when tcp multiplexing is     used

Also added support for setting maximum number of open files (bnc#855685).

The multiplexing system xinetd was updated to fix security issues and a bug.

Security issues fixed :

  - xinetd ignores user and group directives for tcpmux     services. (CVE-2013-4342)

  - xinetd enables all services when tcp multiplexing is     used. Bug fixed:. (CVE-2012-0862)

  - Services started by xinetd were limited to 1024 open     file descriptors. (bnc#855685)

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)

CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated xinetd package fixes security vulnerability :

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user (CVE-2013-4342).

An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

All xinetd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

From Red Hat Security Advisory 2013:1409 :

An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

All xinetd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).

ID	Name	Product	Family	Severity
204558	Photon OS 5.0: Xinetd PHSA-2023-5.0-0060	Nessus	PhotonOS Local Security Checks	critical
204374	Photon OS 4.0: Xinetd PHSA-2023-4.0-0449	Nessus	PhotonOS Local Security Checks	critical
201757	CBL Mariner 2.0 Security Update: xinetd (CVE-2013-4342)	Nessus	MarinerOS Local Security Checks	critical
94890	GLSA-201611-06 : xinetd: Privilege escalation	Nessus	Gentoo Local Security Checks	high
83631	SUSE SLES10 / SLES11 Security Update : xinetd (SUSE-SU-2014:0871-1)	Nessus	SuSE Local Security Checks	high
75322	openSUSE Security Update : xinetd (openSUSE-SU-2014:0517-1)	Nessus	SuSE Local Security Checks	high
73287	SuSE 11.3 Security Update : xinetd (SAT Patch Number 9021)	Nessus	SuSE Local Security Checks	high
70568	Amazon Linux AMI : xinetd (ALAS-2013-232)	Nessus	Amazon Linux Local Security Checks	high
70406	Fedora 19 : xinetd-2.3.15-8.fc19 (2013-18243)	Nessus	Fedora Local Security Checks	high
70405	Fedora 20 : xinetd-2.3.15-8.fc20 (2013-18241)	Nessus	Fedora Local Security Checks	high
70384	Mandriva Linux Security Advisory : xinetd (MDVSA-2013:248)	Nessus	Mandriva Local Security Checks	high
70365	Scientific Linux Security Update : xinetd on SL5.x, SL6.x i386/x86_64 (20131007)	Nessus	Scientific Linux Local Security Checks	high
70344	CentOS 5 / 6 : xinetd (CESA-2013:1409)	Nessus	CentOS Local Security Checks	high
70327	RHEL 5 / 6 : xinetd (RHSA-2013:1409)	Nessus	Red Hat Local Security Checks	high
70326	Oracle Linux 5 / 6 : xinetd (ELSA-2013-1409)	Nessus	Oracle Linux Local Security Checks	high
70299	FreeBSD : xinetd -- ignores user and group directives for TCPMUX services (5c34664f-2c2b-11e3-87c2-00215af774f0)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2013-4342

critical

Tenable Plugins

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high