CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4342

HIGH
7.6
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile24.12th
PublishedOct 10, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

Affected Platforms (CPE)

πŸ“¦
Xinetd

Xinetd

All versions
πŸ’»
Redhat

Enterprise Linux

= 5
πŸ’»
Redhat

Enterprise Linux

= 6.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2013-1409.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1006100
πŸ”— https://github.com/xinetd-org/xinetd/pull/10
πŸ”— https://security.gentoo.org/glsa/201611-06
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-1409.html
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1006100
πŸ”— https://github.com/xinetd-org/xinetd/pull/10
πŸ”— https://security.gentoo.org/glsa/201611-06

Related Vulnerabilities

CVE-2001-082510.0

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary command...

CVE-2017-124779.8

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has a...

CVE-2000-05367.5

xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not ha...

CVE-2001-13897.5

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a d...