35 lines
955 B
Diff
35 lines
955 B
Diff
xinetd: CVE-2013-4342
|
|
|
|
xinetd does not enforce the user and group configuration directives
|
|
for TCPMUX services, which causes these services to be run as root
|
|
and makes it easier for remote attackers to gain privileges by
|
|
leveraging another vulnerability in a service.
|
|
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
|
|
|
|
the patch come from:
|
|
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
|
|
|
|
CVE: CVE-2013-4342
|
|
Signed-off-by: Li Wang <li.wang@windriver.com>
|
|
Upstream-Status: Backport
|
|
---
|
|
xinetd/builtins.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
|
|
index 3b85579..34a5bac 100644
|
|
--- a/xinetd/builtins.c
|
|
+++ b/xinetd/builtins.c
|
|
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
|
|
if( SC_IS_INTERNAL( scp ) ) {
|
|
SC_INTERNAL(scp, nserp);
|
|
} else {
|
|
- exec_server(nserp);
|
|
+ child_process(nserp);
|
|
}
|
|
}
|
|
|
|
--
|
|
1.7.9.5
|
|
|