Launchpad CVE tracker

CVE 2012-0862

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Related bugs and status

CVE-2012-0862 (Candidate) is related to these bugs:

Bug #1016505: CVE-2012-0862: enables unintentional services over tcpmux port

		In	Importance	Status
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu)	Low	Fix Released
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Debian)	Unknown	Fix Released
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Lucid)	Low	Won't Fix
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Quantal)	Low	Fix Released
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Precise)	Low	Won't Fix
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Hardy)	Low	Won't Fix
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Natty)	Low	Won't Fix
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Ubuntu Oneiric)	Low	Won't Fix
1016505	CVE-2012-0862: enables unintentional services over tcpmux port	xinetd (Fedora)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0862

References