CVE-2013-4342 — Incorrect Privilege Assignment in Xinetd

CWE-264 CWE-266 — Incorrect Privilege Assignment CWE-863 — Incorrect Authorization8 documents7 sources

Severity

7.6HIGHNVD

EPSS

15.3%

top 5.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xinetd Debian Xinetd Redhat Enterprise Linux +6 more

Timeline

PublishedOct 10

Latest updateJun 11

Description

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages8 packages

▶debiandebian/xinetd< xinetd 1:2.3.15-2 (bookworm)

▶Debianxinetd/xinetd< 1:2.3.15-2+3

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/cbl_mariner_1.0_arm

Also affects: Enterprise Linux 5, 6.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3vj5-whv8-66p9: xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it ea↗2022-05-14

▶

OSV

CVE-2013-4342: xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it ea↗2013-10-10

▶

📋Vendor Advisories

Microsoft

CVE-2013-4342: NIST NVD Details: https://nvd↗2024-06-11

▶

Debian

CVE-2013-4342: xinetd - xinetd does not enforce the user and group configuration directives for TCPMUX s...↗2013

▶

Red Hat

xinetd: ignores user and group directives for tcpmux services↗2005-08-23

▶

💬Community

Bugzilla

CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services [fedora-all]↗2013-10-03

▶

Bugzilla

CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services↗2013-09-10

▶