FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5c34664f-2c2b-11e3-87c2-00215af774f0	xinetd -- ignores user and group directives for TCPMUX services xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). Discovery 2005-08-23 Entry 2013-10-03 xinetd < 2.3.15_1 CVE-2013-4342 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 https://bugzilla.redhat.com/show_bug.cgi?id=1006100
e11955ca-187c-11e2-be36-00215af774f0	xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port. Discovery 2012-02-15 Entry 2012-10-17 xinetd < 2.3.15 CVE-2012-0862 https://bugzilla.redhat.com/show_bug.cgi?id=790940

VuXML ID

Description

5c34664f-2c2b-11e3-87c2-00215af774f0

xinetd -- ignores user and group directives for TCPMUX services

xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).

Discovery 2005-08-23
Entry 2013-10-03
xinetd

< 2.3.15_1

CVE-2013-4342
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
https://bugzilla.redhat.com/show_bug.cgi?id=1006100

e11955ca-187c-11e2-be36-00215af774f0

xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled

Thomas Swan reports:

xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port.

Discovery 2012-02-15
Entry 2012-10-17
xinetd

< 2.3.15

CVE-2012-0862
https://bugzilla.redhat.com/show_bug.cgi?id=790940