Comment 6 for bug 229343

same thing happening on my boxes here, also running Hardy. Another solution, though somewhat less secure (but OK for me since the scanner's only accessible to my LAN) is to just tell xinetd to run saned as root. On my box then, /etc/xinetd.d/saned reads:

service saned
{
socket_type = stream
server = /usr/sbin/saned
protocol = tcp
user = root
group = root
wait = no
disable = no
only_from = 10.1.1.2
}

This solved the issue for me, if a little bit of a brute force way to do it.