Xinetd File Descriptor Leak May Allow a Remote User to Cause the Daemon to Crash
|
|
SecurityTracker Alert ID: 1005143
|
|
CVE Reference: CVE-2002-0871
(Links to External Site)
|
Updated: Feb 21 2004
|
Original Entry Date: Aug 27 2002
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.3.4 - 2.3.6
|
Description: A denial of service vulnerability was reported in xinetd. A remote user may be able to cause xinetd to crash.
It is reported that there is a file descriptor leak in xinetd. A signal pipe could leak into child processes.
No further details were provided.
The vendor credits Solar Designer with reporting this flaw.
|
Impact: A remote user may be able to cause the daemon to crash.
|
Solution: The vendor has released a fixed version (2.3.7), available at:
http://www.xinetd.org/
|
Vendor URL: www.xinetd.org/ (Links to External Site)
|
Cause: Resource error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 27 Aug 2002 00:59:47 -0400
Subject: Xinetd vulnerability
|
http://www.xinetd.org/
Version 2.3.7
A file descriptor leak was reported in versions 2.3.4 - 2.3.6 by Solar
Designer. It is reported that the co-maintainer has indicated that the
worst case impact is that a local user could cause xinetd to crash.
>From the changelog:
* Added fixes or workarounds for issues introduced after 2.3.3 including
the signal pipe leak into child processes (a security hole). -Solar
Designer
|
|
