d5abf5ff61
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Swan <thomas.swan@gmail.com>
|
|
Date: Wed, 2 Oct 2013 23:17:17 -0500
|
|
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
|
|
TCPMUX services
|
|
|
|
Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
|
|
|
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
---
|
|
xinetd/builtins.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
|
|
index 3b85579..34a5bac 100644
|
|
--- a/xinetd/builtins.c
|
|
+++ b/xinetd/builtins.c
|
|
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
|
|
if( SC_IS_INTERNAL( scp ) ) {
|
|
SC_INTERNAL(scp, nserp);
|
|
} else {
|
|
- exec_server(nserp);
|
|
+ child_process(nserp);
|
|
}
|
|
}
|
|
|
|
--
|
|
2.20.1
|
|
|