
[linux-security] xinetd DoS



Topic
=====
denial-of-service (DoS) vulnerability in xinetd

Problem Description
===================
xinetd versions prior to 2.3.7 leak the file descriptors of xinetd's internal
signal pipe to the services that xinetd launches. This could allow an attacker
to mount a DoS attack against xinetd via the inherited pipe.
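The defect above is an instance of a general descriptor-inheritance leak: a supervisor creates a pipe for its own use, then fork()s and exec()s a service, and every descriptor not marked close-on-exec survives into the new program. The following C program is an added illustration written for this page, not code from the advisory or from xinetd itself. It creates a pipe, spawns a child through /bin/sh, and reports whether the child can still reach the pipe's write end, once with a plain pipe() (the leak) and once with FD_CLOEXEC set on both ends (the mitigation). The function name and the shell probe are my own construction.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a pipe the way a supervisor such as xinetd would for internal
 * signalling, spawn a child "service" via /bin/sh, and report whether the
 * child still holds the pipe's write end after exec.
 *   mark_cloexec = 0 : plain pipe(); the descriptors survive exec (the leak)
 *   mark_cloexec = 1 : FD_CLOEXEC set on both ends; the kernel closes them
 *                      at exec time (the mitigation)
 * Returns 1 if the child inherited the descriptor, 0 if it did not,
 * -1 on setup failure. (Hypothetical helper written for this example.) */
int fd_inherited_after_exec(int mark_cloexec)
{
    int pfd[2];
    if (pipe(pfd) == -1)
        return -1;

    if (mark_cloexec) {
        for (int i = 0; i < 2; i++) {
            int flags = fcntl(pfd[i], F_GETFD);
            if (flags == -1 || fcntl(pfd[i], F_SETFD, flags | FD_CLOEXEC) == -1) {
                close(pfd[0]);
                close(pfd[1]);
                return -1;
            }
        }
    }

    /* The child redirects echo's stdout to the inherited descriptor number.
     * If that descriptor is open, the redirection succeeds and sh exits 0;
     * if exec closed it, the redirection fails ("Bad file descriptor") and
     * sh exits non-zero. stderr is silenced first so the probe stays quiet. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "echo probe 2>/dev/null >&%d", pfd[1]);

    pid_t pid = fork();
    if (pid == -1) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }

    int status;
    int rc = waitpid(pid, &status, 0);
    close(pfd[0]);
    close(pfd[1]);
    if (rc == -1)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void)
{
    printf("plain pipe():   child %s the pipe descriptor\n",
           fd_inherited_after_exec(0) == 1 ? "inherited" : "did not inherit");
    printf("FD_CLOEXEC set: child %s the pipe descriptor\n",
           fd_inherited_after_exec(1) == 1 ? "inherited" : "did not inherit");
    return 0;
}
```

The first call returns 1 and the second 0 on any POSIX system with /bin/sh. The same probe, run against a service spawned by a supervisor, is a cheap way to audit which descriptors it hands to its children; the fix on the supervisor side is to mark every private descriptor close-on-exec at creation time rather than trying to close them one by one between fork() and exec().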

Affected Systems
================
xinetd versions < 2.3.7

Solution
========
Upgrade to version 2.3.7 or later (but see the comment for RedHat below), or
to the patched version for your distribution.

RedHat
------
In October, RedHat released xinetd version 2.3.9. That version turned out
to be so buggy that they had to downgrade xinetd to version 2.3.7.

*** If you are using check-rpms to upgrade your RedHat Linux machines
*** and "rpm -q xinetd" shows that you have xinetd-2.3.9 installed,
*** check-rpms will not show that you have to "upgrade" to the newer
*** package xinetd-2.3.7. You must install this downgraded version
*** without using "check-rpms --update"; use instead:
*** rpm -Fvh xinetd-2.3.7-4.7x.i386.rpm

RedHat 7.x
----------
rpm -Fvh xinetd-2.3.7-4.7x.i386.rpm

RedHat 8.0
----------
rpm -Fvh xinetd-2.3.7-5.i386.rpm

Mandrake 8.2
------------
rpm -Fvh xinetd-2.3.7-1.1mdk.i586.rpm xinetd-ipv6-2.3.7-1.1mdk.i586.rpm

Debian 3.0 (woody)
------------------
upgrade to xinetd_2.3.4-1.2_i386.deb