CVE-2012-0862

EPSS 1.04%
Published 04.06.2012 20:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Xinetd ≫ Xinetd Version <= 2.3.14

Xinetd ≫ Xinetd Version2.3.5

Xinetd ≫ Xinetd Version2.3.6

Xinetd ≫ Xinetd Version2.3.7

Xinetd ≫ Xinetd Version2.3.8

Xinetd ≫ Xinetd Version2.3.9

Xinetd ≫ Xinetd Version2.3.10

Xinetd ≫ Xinetd Version2.3.11

Xinetd ≫ Xinetd Version2.3.12

Xinetd ≫ Xinetd Version2.3.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.04%	0.766

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html

http://rhn.redhat.com/errata/RHSA-2013-1302.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:155

http://www.openwall.com/lists/oss-security/2012/05/09/5

http://www.openwall.com/lists/oss-security/2012/05/10/2

http://www.osvdb.org/81774

http://www.securityfocus.com/bid/53720

http://www.securitytracker.com/id?1027050

http://www.xinetd.org/#changes

https://bugzilla.redhat.com/attachment.cgi?id=583311

https://bugzilla.redhat.com/show_bug.cgi?id=790940

https://exchange.xforce.ibmcloud.com/vulnerabilities/75965

https://nvd.nist.gov/vuln/detail/CVE-2012-0862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0862

EUVD