Joined: 12 May 2004
|Posted: Tue Nov 15, 2016 8:26 am Post subject: [ GLSA 201611-06 ] xinetd
|Gentoo Linux Security Advisory
Title: xinetd: Privilege escalation (GLSA 201611-06)
Date: November 15, 2016
A vulnerability in xinetd could lead to privilege escalation.
xinetd is a secure replacement for inetd.
Vulnerable: < 2.3.15-r2
Unaffected: >= 2.3.15-r2
Architectures: All supported architectures
Xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root.
Attackers could escalate privileges outside of the running process.
There is no known workaround at this time.
All xinetd users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --verbose --oneshot ">=sys-apps/xinetd-2.3.15-r2"