Advisories ยป MGASA-2013-0302

Updated xinetd package fixes security vulnerability

Publication date: 09 Oct 2013
Modification date: 09 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4342

Description

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user (CVE-2013-4342).
                

References

SRPMS

2/core

3/core