Sicherheit: Ausführen beliebiger Kommandos in xinetd

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1381414540-2618-3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:248
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : xinetd
Date : October 10, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Updated xinetd package fixes security vulnerability:

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This
flaw could cause the associated services to run as root. If there was
a flaw in such a service, a remote attacker could use it to execute
arbitrary code with the privileges of the root user (CVE-2013-4342).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
http://advisories.mageia.org/MGASA-2013-0302.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
7976fe68c2fbf71a2df62a39f2128fe2
mes5/i586/xinetd-2.3.14-9.2mdvmes5.2.i586.rpm
5cf2234e84b17e0a281523cab4a5c7d5
mes5/i586/xinetd-simple-services-2.3.14-9.2mdvmes5.2.i586.rpm
b6b4f88ddde0c620305f561e0763e062
mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
56b91a23fb44b3464e1d7efa852211a1
mes5/x86_64/xinetd-2.3.14-9.2mdvmes5.2.x86_64.rpm
81cfdaeae19dc5c65572147fc054c092
mes5/x86_64/xinetd-simple-services-2.3.14-9.2mdvmes5.2.x86_64.rpm
b6b4f88ddde0c620305f561e0763e062
mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
71c6525d8fd04f94fcf6bfc9fefd5ead
mbs1/x86_64/xinetd-2.3.15-1.1.mbs1.x86_64.rpm
386144202dbe1cd6f4a3cab2cbce77c1
mbs1/x86_64/xinetd-simple-services-2.3.15-1.1.mbs1.x86_64.rpm
d36307cca323809a2af5903761acccd2 mbs1/SRPMS/xinetd-2.3.15-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSVom8mqjQ0CJFipgRAuiwAKC+inrDgN2oEvpG4qZQjL0W8g48gQCdGSjd
FcITRUBzVmGhwlzn3W1T9XQ=
=VyVe
-----END PGP SIGNATURE-----

------------=_1381414540-2618-3
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

------------=_1381414540-2618-3--