CVE-2001-1389
CVSS7.5
发布时间 :2001-08-29 00:00:00
修订时间 :2016-10-17 22:14:51
NMCOS    

[原文]Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.


[CNNVD]xinetd存在多个安全漏洞(CNNVD-200108-148)

        CVE(CAN) ID: CAN-2001-1389
        
        
        
        Xinetd 是Inernet Service daemon(inetd)的一个新的实现,它已经成为一些较新版本的
        
        Unix操作系统基本软件的一部分。
        
        
        
        它的2.3以及以前版本中存在很多安全问题。其中一些问题可能导致远程拒绝服务或者攻
        
        击者远程获取root权限。
        
        
        
        上述问题是Solar Designer在一次代码安全审计中发现的。
        
        
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:xinetd:xinetd:2.1.8.8_pre3
cpe:/a:xinetd:xinetd:2.3.0
cpe:/a:xinetd:xinetd:2.1.8.9_pre1
cpe:/a:xinetd:xinetd:2.1.8.9_pre15
cpe:/a:xinetd:xinetd:2.1.8.9_pre14
cpe:/a:xinetd:xinetd:2.1.8.9_pre13
cpe:/a:xinetd:xinetd:2.1.8.9_pre12
cpe:/a:xinetd:xinetd:2.1.8.9_pre11
cpe:/a:xinetd:xinetd:2.1.8.9_pre10
cpe:/a:xinetd:xinetd:2.1.8.9_pre8
cpe:/a:xinetd:xinetd:2.1.8.9_pre9
cpe:/a:xinetd:xinetd:2.1.8.9_pre7
cpe:/a:xinetd:xinetd:2.1.8.8
cpe:/a:xinetd:xinetd:2.1.8.9_pre5
cpe:/a:xinetd:xinetd:2.1.8.9_pre2
cpe:/a:xinetd:xinetd:2.1.8.9_pre3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1389
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1389
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-148
(官方数据源) CNNVD

- 其它链接及资源

http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01
(UNKNOWN)  IMMUNIX  IMNX-2001-70-033-01
http://marc.info/?l=bugtraq&m=99913751525583&w=2
(UNKNOWN)  BUGTRAQ  20010830 xinetd 2.3.0 audit status
http://rhn.redhat.com/errata/RHSA-2001-109.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2001:109
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2001:076
http://www.securityfocus.com/bid/3257
(UNKNOWN)  BID  3257

- 漏洞信息

xinetd存在多个安全漏洞
高危 未知
2001-08-29 00:00:00 2005-10-20 00:00:00
远程  
        CVE(CAN) ID: CAN-2001-1389
        
        
        
        Xinetd 是Inernet Service daemon(inetd)的一个新的实现,它已经成为一些较新版本的
        
        Unix操作系统基本软件的一部分。
        
        
        
        它的2.3以及以前版本中存在很多安全问题。其中一些问题可能导致远程拒绝服务或者攻
        
        击者远程获取root权限。
        
        
        
        上述问题是Solar Designer在一次代码安全审计中发现的。
        
        
        
        

- 公告与补丁

        1. Linux-Mandrake (
        http://www.linux-mandrake.com/en/security/
)为此发布了一份安全公告 :
        
        MDKSA-2001:076 - xinetd update
        
        
        
        补丁下载 -
        
        ________________________________________________________________________
        
        Linux-Mandrake 7.2:
        
        a2173e85bed3b3173e040b242864dcc0 7.2/RPMS/xinetd-2.3.0-5.2mdk.i586.rpm
        
        5b8663eeeefae36206b0003d61b67206 7.2/SRPMS/xinetd-2.3.0-5.2mdk.src.rpm
        
        
        
        Mandrake Linux 8.0:
        
        2f559b028fe14780460c37de5a521bce 8.0/RPMS/xinetd-2.3.0-5.1mdk.i586.rpm
        
        81766c2104aa7e1f197dac9dce1c09af 8.0/RPMS/xinetd-ipv6-2.3.0-5.1mdk.i586.rpm
        
        3f18d89cce258d2a71cc57c84068c8ce 8.0/SRPMS/xinetd-2.3.0-5.1mdk.src.rpm
        
        
        
        Mandrake Linux 8.0 (PPC):
        
        3826a60dc427f880056622df0ef086db ppc/8.0/RPMS/xinetd-2.3.0-5.1mdk.ppc.rpm
        
        223c5c1566adacb46d95de1a24842c19 ppc/8.0/RPMS/xinetd-ipv6-2.3.0-5.1mdk.ppc.rpm
        
        3e1b86780d9f59088754cbca5ff55a08 ppc/8.0/SRPMS/xinetd-2.3.0-5.1mdk.src.rpm
        
        
        
        Single Network Firewall 7.2:
        
        a2173e85bed3b3173e040b242864dcc0 snf7.2/RPMS/xinetd-2.3.0-5.2mdk.i586.rpm
        
        5b8663eeeefae36206b0003d61b67206 snf7.2/SRPMS/xinetd-2.3.0-5.2mdk.src.rpm
        
        ________________________________________________________________________
        
        
        
        2. Immunix (
        http://immunix.org/
)为此发布了一份安全公告 :
        
        IMNX-2001-70-033-01 - ImmunixOS 7.0 update for xinetd
        
        
        
        补丁下载 -
        
        ________________________________________________________________________
        
         Precompiled binary packages for Immunix 7.0 are available at:
        
        
        http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/xinetd-2.3.3-1_imnx.i386.rpm

        
        
        
         Source package for Immunix 7.0 is available at:
        
        
        http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/xinetd-2.3.3-1_imnx.src.rpm

        
        
        
        Immunix OS 7.0 md5sums:
        
         654c1aa4337fbb5752e80d173b186266 RPMS/xinetd-2.3.3-1_imnx.i386.rpm
        
         2e992bf61ab5439f18e3740a502dc050 SRPMS/xinetd-2.3.3-1_imnx.src.rpm
        
        ________________________________________________________________________
        
        
        
        3. CONECTIVA LINUX (
        http://www.conectiva.com
)为此发布了一份安全公告 :
        
        
        
        [CLA-2001:416] Conectiva Linux Security Announcement - xinetd
        
        
        
        补丁下载 -
        
        ________________________________________________________________________
        
        
        
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/xinetd-2.3.2-1U60_1cl.src.rpm
        
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/xinetd-2.3.2-1U60_1cl.i386.rpm
        
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/xinetd-devel-2.3.2-1U60_1cl.i386.rpm
        
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/xinetd-devel-static-2.3.2-1U60_1cl.i386.rpm
        
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/xinetd-2.3.2-1U70_1cl.src.rpm
        
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/xinetd-2.3.2-1U70_1cl.i386.rpm
        
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/xinetd-devel-static-2.3.2-1U70_1cl.i386.rpm
        
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/xinetd-devel-2.3.2-1U70_1cl.i386.rpm
        
        ________________________________________________________________________

- 漏洞信息

10387
xinetd Unspecified Remote Overflows
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-08-30 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Multiple Xinetd Vulnerabilities
Unknown 3257
Yes No
2001-08-29 12:00:00 2009-07-11 07:56:00
These vulnerabilities were discovered during an audit of Xinetd by Solar Designer <solar@openwall.com>.

- 受影响的程序版本

Xinetd Xinetd 2.3
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Immunix Immunix OS 7.0
Xinetd Xinetd 2.1.8 .9pre9
+ RedHat Linux 7.0
Xinetd Xinetd 2.1.8 .9pre8
Xinetd Xinetd 2.1.8 .9pre7
Xinetd Xinetd 2.1.8 .9pre6
Xinetd Xinetd 2.1.8 .9pre5
Xinetd Xinetd 2.1.8 .9pre3
Xinetd Xinetd 2.1.8 .9pre2
Xinetd Xinetd 2.1.8 .9pre15
+ Immunix Immunix OS 7.0 beta
+ Immunix Immunix OS 7.0
Xinetd Xinetd 2.1.8 .9pre14
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1
Xinetd Xinetd 2.1.8 .9pre13
Xinetd Xinetd 2.1.8 .9pre12
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
Xinetd Xinetd 2.1.8 .9pre11
+ Conectiva Linux 6.0
Xinetd Xinetd 2.1.8 .9pre10
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
Xinetd Xinetd 2.1.8 .9pre1
Xinetd Xinetd 2.1.8 .8pre3
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
Xinetd Xinetd 2.1.8 .8
Xinetd Xinetd 2.3.3
Xinetd Xinetd 2.3.2
Xinetd Xinetd 2.3.1

- 不受影响的程序版本

Xinetd Xinetd 2.3.3
Xinetd Xinetd 2.3.2
Xinetd Xinetd 2.3.1

- 漏洞讨论

Xinetd is a recent implementation of the Internet service 'super-daemon', known as 'inetd'. It is shipped with some versions of Linux by default.

During a recent audit, a number of possible security vulnerabilities were uncovered. In addition, it was revealed that some vendor fixes for Bugtraq ID 2971 may not completely eliminate the vulnerability.

Exploitation of the conditions discovered during the audit could lead to a denial of service or remote root compromise.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Version 2.3.3 is available for download.

Red Hat, Conectiva, MandrakeSoft and Immunix have released fixed packages.


Xinetd Xinetd 2.1.8 .9pre5

Xinetd Xinetd 2.1.8 .9pre15

Xinetd Xinetd 2.1.8 .9pre7

Xinetd Xinetd 2.1.8 .9pre12

Xinetd Xinetd 2.1.8 .9pre9

Xinetd Xinetd 2.1.8 .9pre2

Xinetd Xinetd 2.1.8 .9pre11

Xinetd Xinetd 2.1.8 .9pre3

Xinetd Xinetd 2.1.8 .9pre8

Xinetd Xinetd 2.1.8 .9pre13

Xinetd Xinetd 2.1.8 .8pre3

Xinetd Xinetd 2.1.8 .9pre6

Xinetd Xinetd 2.1.8 .9pre10

Xinetd Xinetd 2.1.8 .9pre1

Xinetd Xinetd 2.1.8 .8

Xinetd Xinetd 2.1.8 .9pre14

Xinetd Xinetd 2.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站