Rapid7 Vulnerability & Exploit Database

RHSA-2002:196: Updated xinetd packages fix denial of service vulnerability

Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published: 09/05/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Xinetd contains a denial-of-service (DoS) vulnerability. UPDATE 2002-12-02: Updated packages are available to fix issues encountered with the previous errata packages.

Xinetd is a secure replacement for inetd, the Internet services daemon. Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal pipe to services that are launched by xinetd. This could allow an attacker to execute a DoS attack via the pipe. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0871 to this issue. Red Hat Linux 7.3 shipped with xinetd version 2.3.4 and is therefore vulnerable to this issue. All users are advised to upgrade to the errata packages which fix the vulnerability. Thanks to Solar Designer for discovering this issue.
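
The descriptor leak described above, as an added example (not xinetd source code and not the Red Hat patch): a daemon-internal pipe created with plain `pipe()` is inherited by every program the daemon later executes, unless its ends are marked close-on-exec. The function names are hypothetical, and close-on-exec is shown as one standard way to stop this kind of leak, not as a statement of what xinetd 2.3.7 changed.

```c
/* Added example, not xinetd source; all function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1: fd stays open across execve(); 0: close-on-exec; -1: fd not open. */
int fd_survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : ((flags & FD_CLOEXEC) ? 0 : 1);
}

/* Create an internal pipe; harden != 0 marks both ends close-on-exec. */
int make_signal_pipe(int fds[2], int harden)
{
    if (pipe(fds) == -1)
        return -1;
    for (int i = 0; harden && i < 2; i++) {
        int flags = fcntl(fds[i], F_GETFD);
        if (flags == -1 || fcntl(fds[i], F_SETFD, flags | FD_CLOEXEC) == -1) {
            close(fds[0]); close(fds[1]);
            return -1;
        }
    }
    return 0;
}

/* Pre-exec audit: count descriptors above stderr a service would inherit. */
int count_inheritable(int max_fd, FILE *report)
{
    int n = 0;
    for (int fd = 3; fd <= max_fd; fd++) {
        if (fd_survives_exec(fd) != 1)
            continue;
        n++;
        if (report)
            fprintf(report, "fd %d would be inherited by the service\n", fd);
    }
    return n;
}

int main(void)
{
    int leaky[2], safe[2];
    if (make_signal_pipe(leaky, 0) || make_signal_pipe(safe, 1))
        return 1;
    printf("%d inheritable descriptor(s)\n", count_inheritable(safe[1], stderr));
    return 0;
}
```

On Linux, `pipe2(fds, O_CLOEXEC)` sets the flag atomically at creation, which avoids the window between `pipe()` and `fcntl()`.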

Solution(s)

  • redhat-upgrade-xinetd
