CVE-2012-0862

EPSS 1.04%
Veröffentlicht 04.06.2012 20:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xinetd ≫ Xinetd Version <= 2.3.14

Xinetd ≫ Xinetd Version2.3.5

Xinetd ≫ Xinetd Version2.3.6

Xinetd ≫ Xinetd Version2.3.7

Xinetd ≫ Xinetd Version2.3.8

Xinetd ≫ Xinetd Version2.3.9

Xinetd ≫ Xinetd Version2.3.10

Xinetd ≫ Xinetd Version2.3.11

Xinetd ≫ Xinetd Version2.3.12

Xinetd ≫ Xinetd Version2.3.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.766

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html

http://rhn.redhat.com/errata/RHSA-2013-1302.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:155

http://www.openwall.com/lists/oss-security/2012/05/09/5

http://www.openwall.com/lists/oss-security/2012/05/10/2

http://www.osvdb.org/81774

http://www.securityfocus.com/bid/53720

http://www.securitytracker.com/id?1027050

http://www.xinetd.org/#changes

https://bugzilla.redhat.com/attachment.cgi?id=583311

https://bugzilla.redhat.com/show_bug.cgi?id=790940

https://exchange.xforce.ibmcloud.com/vulnerabilities/75965

https://nvd.nist.gov/vuln/detail/CVE-2012-0862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0862

EUVD