|
Family: Debian Local Security Checks --> Category: infos
[DSA063] DSA-063-1 xinetd Vulnerability Scan
Vulnerability Scan Summary DSA-063-1 xinetd
Detailed Explanation for this Vulnerability Test
zen-parse reported on bugtraq that there is a possible buffer overflow
in the logging code from xinetd. This could be triggered by using a
fake identd that returns special replies when xinetd does an ident
request.
Another problem is that xinetd sets it umask to 0. As a result any
programs that xinetd start that are not careful with file permissions
will create world-writable files.
Both problems have been fixed in version 2.1.8.8.p3-1.1.
Solution : http://www.debian.org/security/2001/dsa-063
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|