Launchpad has imported 15 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=790940.

------------------------------------------------------------------------
On 2012-02-15T19:10:31+00:00 vdanen wrote:

Thomas Swan reported a service disclosure flaw in xinetd.  xinetd allows
for services to be configured with the TCPMUX or TCPMUXPLUS service
types, which makes those services available on port 1, as per RFC 1078
[1], if the tcpmux-server service is enabled.  When the tcpmux-server
service is enabled, xinetd would expose _all_ enabled services via the
tcpmux port, instead of just the configured service(s).  This could
allow a remote attacker to bypass firewall restrictions and access
services via the tcpmux port.

In order for enabled services handled by xinetd to be exposed via the
tcpmux port, the tcpmux-server service must be enabled (by default it is
disabled).

The tcpmux-server should only ever expose services with the 'type =
TCPMUX' or 'type = TCPMUXPLUS' configuration options set.

To reproduce:

- enable tcpmux-server
- restart xinetd
- telnet localhost 1
- type service name of a running service (e.g. cvspserver)

The service will be launched and respond on the port:

# telnet localhost 1
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
cvspserver

cvs [pserver aborted]: bad auth protocol start:


There is no upstream fix for this as of yet.

[1] http://tools.ietf.org/html/rfc1078

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/0
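
An added example, not part of the imported comments or of xinetd's own code: a configuration audit for the condition reported above, listing the enabled services that lack 'type = TCPMUX' or 'type = TCPMUXPLUS' while tcpmux-server is enabled. Assumptions: the sample configuration and the service name printstatus are constructed, the tcpmux-server is recognised by 'id = tcpmux-server', and only per-service 'disable' and 'type' attributes are read ('defaults' and 'includedir' are ignored).

```python
import re

# Constructed sample in xinetd.conf syntax (not taken from the bug report).
SAMPLE = """
service tcpmux
{
    id = tcpmux-server
    type = INTERNAL
    disable = no
}
service cvspserver
{
    disable = no
    server = /usr/bin/cvs
}
service printstatus
{
    type = TCPMUXPLUS UNLISTED
    server = /usr/local/bin/printstatus
}
service rsync
{
    disable = yes
    server = /usr/bin/rsync
}
"""

BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")  # '#' comment lines never match

def parse_services(text):
    """Return one dict of attributes per 'service NAME { ... }' block."""
    services = []
    for name, body in BLOCK.findall(text):
        # Assumed defaults: id is the service name, service is enabled.
        attrs = {"name": name, "id": name, "type": "", "disable": "no"}
        for line in body.splitlines():
            m = ATTR.match(line)
            if m:
                attrs[m.group(1)] = m.group(2)
        services.append(attrs)
    return services

def unintended_tcpmux_services(text):
    """Enabled services lacking type TCPMUX/TCPMUXPLUS, if tcpmux-server is on."""
    enabled = [s for s in parse_services(text) if s["disable"].lower() != "yes"]
    if not any(s["id"] == "tcpmux-server" for s in enabled):
        return []  # port 1 is not served, so nothing is reachable through it
    return sorted(s["name"] for s in enabled
                  if s["id"] != "tcpmux-server"
                  and not {"TCPMUX", "TCPMUXPLUS"} & set(s["type"].upper().split()))
```

On an xinetd build without the fix, every name this returns for a host's real configuration is a service that should also be checked against the firewall rules for port 1.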

------------------------------------------------------------------------
On 2012-02-16T15:26:49+00:00 vdanen wrote:

Acknowledgements:

Red Hat would like to thank Thomas Swan of FedEx for reporting this
issue.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/1

------------------------------------------------------------------------
On 2012-05-09T14:27:31+00:00 scorneli wrote:

Created attachment 583311
Patch for CVE-2012-0862 as provided by Thomas Swan of FedEx. Reviewed by a 
former xinetd upstream maintainer and the current Red Hat xinetd maintainer.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/2

------------------------------------------------------------------------
On 2012-05-09T15:32:37+00:00 scorneli wrote:

Now public via:
http://www.openwall.com/lists/oss-security/2012/05/09/5

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/3

------------------------------------------------------------------------
On 2012-05-09T15:34:32+00:00 scorneli wrote:

Created xinetd tracking bugs for this issue

Affects: fedora-all [bug 820318]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/4

------------------------------------------------------------------------
On 2012-05-17T06:51:46+00:00 jsynacek wrote:

Already fixed in f17 and f18 by
http://lists.fedoraproject.org/pipermail/scm-commits/2012-May/781809.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/5

------------------------------------------------------------------------
On 2012-05-23T17:42:50+00:00 vdanen wrote:

This is corrected in upstream 2.3.15.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/6

------------------------------------------------------------------------
On 2012-05-29T10:23:38+00:00 updates wrote:

xinetd-2.3.14-47.fc16 has been pushed to the Fedora 16 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/7

------------------------------------------------------------------------
On 2012-05-29T10:28:08+00:00 updates wrote:

xinetd-2.3.14-37.fc15 has been pushed to the Fedora 15 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/8

------------------------------------------------------------------------
On 2013-02-21T07:43:43+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0499 https://rhn.redhat.com/errata/RHSA-2013-0499.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/13

------------------------------------------------------------------------
On 2013-03-06T00:24:37+00:00 jskeoch wrote:

GSS are requesting further information regarding the ETA for this update
being provided to RHEL 5. Can you contact John Jong Bae Ko
<j...@redhat.com> and provide additional details?

I am setting need info but please contact John directly as he does not
have visibility of this BZ.

John

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/14

------------------------------------------------------------------------
On 2013-09-19T05:08:35+00:00 thomas.swan wrote:

Created attachment 799731
updated, simpler patch

I believe that child_process, not exec_server, should be called.  This
does not affect the existing behaviour of other exec_server calls.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/17

------------------------------------------------------------------------
On 2013-09-19T05:12:20+00:00 thomas.swan wrote:

Disregard last update and patch.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/18

------------------------------------------------------------------------
On 2013-09-30T22:04:14+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1302 https://rhn.redhat.com/errata/RHSA-2013-1302.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/19

------------------------------------------------------------------------
On 2013-10-01T04:46:40+00:00 huzaifas wrote:

Statement:

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support
and maintenance life cycle. This flaw has been rated as having Low
security impact and is not currently planned to be addressed in future
updates. For additional information, refer to the Red Hat Enterprise
Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/1016505/comments/20


Title:
  CVE-2012-0862: enables unintentional services over tcpmux port
