Security Advisory Moderate: xinetd security update

Advisory: RHSA-2013:1409-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-07
Last updated on: 2013-10-07
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-4342

Details

An updated xinetd package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The xinetd package provides a secure replacement for inetd, the Internet
services daemon. xinetd provides access control for all services based on
the address of the remote host and/or on time of access, and can prevent
denial-of-access attacks.

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user. (CVE-2013-4342)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

All xinetd users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
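
The following added example (not part of the Red Hat advisory) parses xinetd service definitions and lists enabled services started through tcpmux (type TCPMUX or TCPMUXPLUS) that request a non-root user or group; these are the definitions whose user and group directives the flaw described above ignores. The sample configuration and the service names reportd and legacyd are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
service tcpmux
{
    id          = tcpmux-server
    type        = INTERNAL
    user        = root
}
# Started through the tcpmux port; asks to run unprivileged.
service reportd
{
    type        = TCPMUXPLUS UNLISTED
    user        = nobody
    group       = nobody
    server      = /usr/local/bin/reportd
}
service legacyd
{
    disable     = yes
    type        = TCPMUX UNLISTED
    user        = daemon
}
"""

BLOCK = re.compile(r"^[ \t]*service[ \t]+(\S+)\s*\{(.*?)^[ \t]*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)

def parse_services(text):
    """Return {service name: {attribute: value}} for every service block."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    return {name: dict(ATTR.findall(body)) for name, body in BLOCK.findall(text)}

def tcpmux_findings(text):
    """Enabled tcpmux-started services that request a non-root user or group."""
    findings = []
    for name, attrs in sorted(parse_services(text).items()):
        types = attrs.get("type", "").upper().split()
        via_tcpmux = bool({"TCPMUX", "TCPMUXPLUS"} & set(types))
        enabled = attrs.get("disable", "no").lower() != "yes"
        user, group = attrs.get("user", "root"), attrs.get("group")
        if via_tcpmux and enabled and (user != "root" or group not in (None, "root")):
            findings.append((name, user, group))
    return findings

if __name__ == "__main__":
    for name, user, group in tcpmux_findings(SAMPLE_CONF):
        print(f"{name}: user={user} group={group} not applied by unpatched xinetd")
```

To audit a host, pass the concatenated contents of /etc/xinetd.conf and the files it includes instead of SAMPLE_CONF.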


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xinetd-2.3.14-20.el5_10.src.rpm

IA-32:
xinetd-2.3.14-20.el5_10.i386.rpm
xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm

IA-64:
xinetd-2.3.14-20.el5_10.ia64.rpm
xinetd-debuginfo-2.3.14-20.el5_10.ia64.rpm

PPC:
xinetd-2.3.14-20.el5_10.ppc.rpm
xinetd-debuginfo-2.3.14-20.el5_10.ppc.rpm

s390x:
xinetd-2.3.14-20.el5_10.s390x.rpm
xinetd-debuginfo-2.3.14-20.el5_10.s390x.rpm

x86_64:
xinetd-2.3.14-20.el5_10.x86_64.rpm
xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xinetd-2.3.14-20.el5_10.src.rpm

IA-32:
xinetd-2.3.14-20.el5_10.i386.rpm
xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm

x86_64:
xinetd-2.3.14-20.el5_10.x86_64.rpm
xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

IA-32:
xinetd-2.3.14-39.el6_4.i686.rpm
xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

IA-32:
xinetd-2.3.14-39.el6_4.i686.rpm
xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm

PPC:
xinetd-2.3.14-39.el6_4.ppc64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.ppc64.rpm

s390x:
xinetd-2.3.14-39.el6_4.s390x.rpm
xinetd-debuginfo-2.3.14-39.el6_4.s390x.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

IA-32:
xinetd-2.3.14-39.el6_4.i686.rpm
xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm

PPC:
xinetd-2.3.14-39.el6_4.ppc64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.ppc64.rpm

s390x:
xinetd-2.3.14-39.el6_4.s390x.rpm
xinetd-debuginfo-2.3.14-39.el6_4.s390x.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
xinetd-2.3.14-39.el6_4.src.rpm

IA-32:
xinetd-2.3.14-39.el6_4.i686.rpm
xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm

x86_64:
xinetd-2.3.14-39.el6_4.x86_64.rpm
xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1006100 - CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services


References


Keywords

xinetd


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/