FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e11955ca-187c-11e2-be36-00215af774f0xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled

Thomas Swan reports:

xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 [1], if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port.


Discovery 2012-02-15
Entry 2012-10-17
xinetd
< 2.3.15

CVE-2012-0862
https://bugzilla.redhat.com/show_bug.cgi?id=790940
5c34664f-2c2b-11e3-87c2-00215af774f0xinetd -- ignores user and group directives for TCPMUX services

xinetd would execute configured TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).


Discovery 2005-08-23
Entry 2013-10-03
xinetd
< 2.3.15_1

CVE-2013-4342
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
https://bugzilla.redhat.com/show_bug.cgi?id=1006100