[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] remote root exploit in xinetd
- To: linux-security
- Subject: [linux-security] remote root exploit in xinetd
- From: Martin Siegert <siegert@sfu.ca>
- Date: Tue, 10 Jul 2001 13:22:36 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
A string handling bug in xinetd can potentially lead to a remote root exploit.
A different buffer overflow exists in the logging code that can (!!) be
remotely exploited.
Problem Description
===================
1) xinetd string handling functions fail to do bound checking on strings
with lengths less than or equal zero. This bug has the potential for a remote
root exploit (no exploit has been published yet).
2) There exists a different buffer overflow in the logging code of xinetd
that can be exploited by an attacker who sets up a fake identd server.
An exploit has been published for this bug!
Hence, it is strongly advised to upgrade to version 2.3.0 immediately.
Affected Systems
================
Linux systems that use xinetd versions < 2.3.0 (e.g., RH 7.x)
Not Affected
============
Linux systems that use inetd (e.g., RH 6.x)
Workaround
==========
uninstall xinetd, install inetd if necessary
(this may require some work since RH 7.x packages may require xinetd; but
nevertheless it may be worthwhile: xinetd is a huge program that has shown
a lot of security problems lately).
(it is a good question to ask why several distributions switched to
xinetd in the first place).
Solution
========
upgrade to version 2.3.0
RedHat 7.x
----------
rpm -Fvh xinetd-2.3.0-1.71.i386.rpm
Mandrake 7.2
------------
rpm -Fvh xinetd-2.3.0-1.2mdk.i586.rpm
Mandrake 8.0
------------
rpm -Fvh xinetd-2.3.0-1.1mdk.i586.rpm xinetd-ipv6-2.3.0-1.1mdk.i586.rpm
Debian 2.2 (potato)
-------------------
update to xinetd_2.1.8.8.p3-1.1_i386.deb
(note that this update only fixes bug 2.)