CVE-2012-0862

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xinetd:xinetd:*:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:xinetd:xinetd:2.3.13:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-06-04 20:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-0862

Mitre link : CVE-2012-0862

CVE.ORG link : CVE-2012-0862


JSON object : View

Products Affected

xinetd

  • xinetd
CWE
CWE-20

Improper Input Validation