CVE-2001-1322

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
http://www.debian.org/security/2001/dsa-063
http://www.iss.net/security_center/static/6657.php	Vendor Advisory
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
http://www.linuxsecurity.com/advisories/other_advisory-1469.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-075.html
http://www.securityfocus.com/bid/2826

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xinetd:xinetd:2.1.8.8:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.8_pre3:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre1:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre2:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre3:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre4:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre5:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre7:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre8:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre9:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre10:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre11:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre12:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre13:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre14:::::::*
	cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre15:::::::*

History

No history.

Information

Published : 2001-07-10 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2001-1322

Mitre link : CVE-2001-1322

CVE.ORG link : CVE-2001-1322

JSON object : View

Products Affected

xinetd

xinetd

CWE

NVD-CWE-Other

{"id": "CVE-2001-1322", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-07-10T04:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404", "source": "cve@mitre.org"}, {"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2001/dsa-063", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/6657.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3", "source": "cve@mitre.org"}, {"url": "http://www.linuxsecurity.com/advisories/other_advisory-1469.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2001-075.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/2826", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask."}], "lastModified": "2008-09-10T19:10:15.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C378594-2892-4A0E-807D-D5201E6D465F"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.8_pre3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B2FE666-D220-40DB-9CCC-9D5978F077A6"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD1A836-2393-47A6-A333-F753955CAE45"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9F7C502-3D84-43FC-8633-393FA7B34B9F"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BBBC08F-6400-4EFE-ACA8-906D2DFBFAA3"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7C5181F-9846-4963-B7E0-5F05B4A89E2E"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBE2F81B-0F25-49A8-8FFD-A57336BB7AFB"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05D59F2-E5C6-4F44-A0F1-DFC721537329"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35256395-7F58-49A4-A0BE-B15E91AAE0A2"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D829D13-3A94-4453-8879-1022D2C9DCEA"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1701D2B9-C710-4DA8-B495-DD06B3832C69"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F86093-41F8-42C5-872A-50F4FB2BF55F"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14574242-9C09-4E11-B4AF-18D7BF1860FB"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EFCE997-358F-4ACF-B979-C20826D883C3"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6A1F6C-29CC-453A-9F71-5DA6DD406F3C"}, {"criteria": "cpe:2.3:a:xinetd:xinetd:2.1.8.9_pre15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DDE939-F6B8-48A8-BA60-EE381EE0657C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}