SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Xinetd Vendors:   Red Hat
(HP Issues Fix) RedHat's Xinetd Networking Daemon Package May Allow Remote Users to Execute Arbitrary Code as Root and Allow Local Users to Modify System Files
SecurityTracker Alert ID:  1001898
SecurityTracker URL:  http://securitytracker.com/id/1001898
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 2 2001
Impact:   Execution of arbitrary code via network, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.1.8.9pre15-2
Description:   Red Hat reports a vulnerability in earlier versions of their Xinetd package that allows local users to modify some system files and may allow remote users to execute arbitrary code on the server with root-level privileges.

It is reported that Xinetd runs with umask 0, meaning that applications using the xinetd umask and not setting the permissions themselves will create world writable files, which may not have been intended.

This could allow local users to modify system files, potentially leading to further exploit scenarios.

It is also reported that there is a potential buffer overflow vulnerability that may allow remote users to execute code on the server with root-level privileges (see the Message History for details on this vulnerability).
Impact:   A local user can modify some files that were created by applications using Xinetd's umask. A remote user can cause a buffer overflow on the server while the Xinetd service is running with root-level privileges, potentially allowing for remote code execution.
Solution:   The vendor has released a fix. See the Source Message for the vendor's advisory containing directions on how to obtain the appropriate fix.
Vendor URL:  www.redhat.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:   UNIX (HP/UX)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 6 2001 RedHat's Xinetd Networking Daemon Package May Allow Remote Users to Execute Arbitrary Code as Root and Allow Local Users to Modify System Files


 Source Message Contents
Date:  Mon, 2 Jul 2001 04:31:12 -0700 (PDT)
Subject:  security bulletins digest



Document ID:  HPSBUX0104-148
Date Loaded:  20010701
      Title:  Sec. Vulnerability in xntpd(1M) (revised 02)

-------------------------------------------------------------------------
**REV02**HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0148, 06 Apr. '01
Last Revised: 02 July '01
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon
as soon as possible.  Hewlett-Packard Company will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------
PROBLEM:  The HP-UX NTP daemon (xntpd) contains an exploitable
          vulnerability.

PLATFORM: HP9000 Series 700/800 running HP-UX releases 10.XX and 11.XX.

SOLUTION: Install the appropriate patch as described below.

DAMAGE:   Possible denial of service.

SOLUTION: **REVISED 01**
           Install the appropriate patch for HP-UX releases as
           described below.

           10.01, 10.10, 10.20         PHNE_23717;
--->>      10.24                       PHNE_24076;
           11.00                       PHNE_23697;
--->>      11.04                       PHNE_24077;
           11.11                       PHNE_22722.

AVAILABILITY: All patches are available now.

CHANGE SUMMARY: Rev.01 Patch solution provided.
                Rev.02 VVOS patches identified.
-------------------------------------------------------------------------

   A. Background
      A buffer overflow has been discovered on various Unix-derived
      operating systems in its NTP daemon.  Hewlett-Packard Company
      ships xntpd on HP-UX releases and has determined that it too,
      is vulnerable.

**REVISED 02**
   B. Recommended solution
      Hewlett-Packard Company recommends that the following patches
      be installed as appropriate, and that customers look at
      /etc/ntp.conf.exam for suggested configuration information.
      For the following releases of HP-UX, use:

           10.01, 10.10, 10.20         PHNE_23717;
---->>     10.24                       PHNE_24076;
           11.00                       PHNE_23697;
---->>     11.04                       PHNE_24077;
           11.11                       PHNE_22722.


   C. To subscribe to automatically receive future NEW HP Security
      Bulletins from the HP IT Resource Center via electronic mail,
      do the following:

      Use your browser to get to the HP IT Resource Center page
      at:

       http://itrc.hp.com

      Under the Maintenance and Support Menu:
      click on the "more..." link.  Then -

      Use the 'Login' tab at the left side of the screen to login
      using your ID and password.  Check with your system
      administrator to see if you have an existing login or use
      the "Register" button at the left to create a login.  You
      will need to login in order to gain access to many areas of
      the ITRC. Remember to save the User ID assigned to you, and
      your password.

      Under the Maintenance and Support Menu, click on the "more..."
      link.  Under the "Notifications" section (near the bottom of
      the page), select "Support Information Digests".

      To -subscribe- to future HP Security Bulletins or other
      Technical Digests, click the check box (in the left column)
      for the appropriate digest and then click the "Update
      Subscriptions" button at the bottom of the page.

      or

      To -review- bulletins already released, select the link
      (in the middle column) for the appropriate digest.

      To -gain access- to the Security Patch Matrix, select
      the link for "hp security bulletins archive" near the bottom.
      Once in the archive the top link is to our current Security
      Patch Matrix.  Updated daily, this matrix categorizes security
      patches by platform/OS release, and by bulletin topic.

      The security patch matrix is also available via anonymous ftp:

      ftp.itrc.hp.com:~ftp/export/patches/hp-ux_patch_matrix

      On the "Support Information Digest Main" page:
      click on the "HP Security Bulletin Archive".

   D. To report new security vulnerabilities, send email to

      security-alert@hp.com

      Please encrypt any exploit information using the security-alert
      PGP key, available from your local key server, or by sending a
      message with a -subject- (not body) of 'get key' (no quotes) to
      security-alert@hp.com.

      Permission is granted for copying and circulating this Bulletin
      to Hewlett-Packard (HP) customers (or the Internet community)
      for the purpose of alerting them to problems, if and only if,
      the Bulletin is not edited or changed in any way, is attributed
      to HP, and provided such reproduction and/or distribution is
      performed for non-commercial purposes.

      Any other use of this information is prohibited. HP is not
      liable for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID:  HPSBUX0104-148--------------------------------------


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC