CVE-2013-4342

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1409.html
https://bugzilla.redhat.com/show_bug.cgi?id=1006100	Exploit Patch
https://github.com/xinetd-org/xinetd/pull/10
https://security.gentoo.org/glsa/201611-06

Configurations

Configuration 1 (hide)

cpe:2.3:a:xinetd:xinetd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

History

No history.

Information

Published : 2013-10-10 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4342

Mitre link : CVE-2013-4342

CVE.ORG link : CVE-2013-4342

JSON object : View

Products Affected

redhat

enterprise_linux

xinetd

xinetd

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4342", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-10T00:55:14.960", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/xinetd-org/xinetd/pull/10", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201611-06", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."}, {"lang": "es", "value": "xinetd no fuerza la directriz de configuraci\u00f3n del usuario y grupo para servicios TCPMUX, lo que provoca que estos servicios sean ejecutados como root y hacer m\u00e1s sencillo para atacantes remotos obtener privilegios mediante el aprovechamiento de otra vulnerabilidad en un servicio."}], "lastModified": "2023-02-13T04:46:45.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xinetd:xinetd:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43ECBCF4-C433-4177-A0B4-6E560ED2B720"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}