
[linux-security] remote root exploit in xinetd



Topic
=====
A string handling bug in xinetd can potentially lead to a remote root exploit.
A different buffer overflow exists in the logging code that can (!!) be
remotely exploited.

Problem Description
===================
1) xinetd string handling functions fail to do bounds checking on strings
with lengths less than or equal to zero. This bug has the potential for a remote
root exploit (no exploit has been published yet).

2) There exists a different buffer overflow in the logging code of xinetd
that can be exploited by an attacker who sets up a fake identd server.
An exploit has been published for this bug!

Hence, it is strongly advised to upgrade to version 2.3.0 immediately.

Affected Systems
================
Linux systems that use xinetd versions < 2.3.0 (e.g., RH 7.x)

Not Affected
============
Linux systems that use inetd (e.g., RH 6.x)

Workaround
==========
Uninstall xinetd and install inetd if necessary.
(This may require some work since RH 7.x packages may require xinetd, but
it may nevertheless be worthwhile: xinetd is a huge program that has shown
a lot of security problems lately.)
(It is a good question to ask why several distributions switched to
xinetd in the first place.)

Solution
========
upgrade to version 2.3.0

RedHat 7.x
----------
rpm -Fvh xinetd-2.3.0-1.71.i386.rpm

Mandrake 7.2
------------
rpm -Fvh xinetd-2.3.0-1.2mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh xinetd-2.3.0-1.1mdk.i586.rpm xinetd-ipv6-2.3.0-1.1mdk.i586.rpm

Debian 2.2 (potato)
-------------------
update to xinetd_2.1.8.8.p3-1.1_i386.deb
(note that this update only fixes bug 2, the overflow in the logging code)
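
Item 1 under Problem Description concerns bounded string routines that do no bounds checking when the length is less than or equal to zero. The C example below is an added illustration of that bug class and of the check that closes it; it is not xinetd's code and not part of the original advisory, and copy_flawed, copy_checked and the sample input are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* FLAWED pattern (illustration only, never called here): the bound is a
 * signed int and the loop stops only when the countdown hits exactly 0.
 * With len <= 0 the counter starts at or below zero and moves away from it,
 * so the copy is limited only by the length of src. */
int copy_flawed(char *dst, const char *src, int len)
{
    int n = 0;
    while (*src && --len != 0) {
        *dst++ = *src++;
        n++;
    }
    *dst = '\0';
    return n;
}

/* Checked form: a bound <= 0 cannot hold even the terminator, so nothing
 * is written and the caller gets an error. Returns bytes copied otherwise. */
int copy_checked(char *dst, const char *src, int len)
{
    int n = 0;
    if (dst == NULL || src == NULL || len <= 0)
        return -1;
    while (*src && n < len - 1)
        dst[n++] = *src++;
    dst[n] = '\0';
    return n;
}

int main(void)
{
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed sample input */
    int bounds[] = { 8, 1, 0, -5 };
    char buf[8];
    size_t i;

    for (i = 0; i < sizeof bounds / sizeof bounds[0]; i++) {
        memset(buf, 'X', sizeof buf);   /* marker bytes show whether dst was touched */
        int rc = copy_checked(buf, input, bounds[i]);
        printf("len=%2d rc=%2d first byte=0x%02x\n",
               bounds[i], rc, (unsigned char)buf[0]);
    }
    return 0;
}
```

When auditing similar code, look for length parameters declared as signed integers that reach a copy or format loop without an explicit `<= 0` test.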