4.3
CVE-2012-0862
- EPSS 2.78%
- Veröffentlicht 04.06.2012 20:55:02
- Zuletzt bearbeitet 16.06.2026 23:38:24
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.78% | 0.845 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
http://rhn.redhat.com/errata/RHSA-2013-1302.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
http://www.openwall.com/lists/oss-security/2012/05/09/5
http://www.openwall.com/lists/oss-security/2012/05/10/2
http://www.osvdb.org/81774
http://www.securityfocus.com/bid/53720
http://www.securitytracker.com/id?1027050
http://www.xinetd.org/#changes
https://bugzilla.redhat.com/attachment.cgi?id=583311
https://bugzilla.redhat.com/show_bug.cgi?id=790940
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965