Overview

File xinetd-CVE-2013-4342.patch of Package xinetd

From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
From: Thomas Swan <thomas.swan@gmail.com>
Date: Wed, 2 Oct 2013 23:17:17 -0500
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
 TCPMUX services

Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
---
 xinetd/builtins.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xinetd-2.3.14/xinetd/builtins.c
===================================================================
--- xinetd-2.3.14.orig/xinetd/builtins.c	2014-02-25 14:38:03.754473556 +0100
+++ xinetd-2.3.14/xinetd/builtins.c	2014-02-25 14:38:03.760473625 +0100
@@ -615,7 +615,7 @@ static void tcpmux_handler( const struct
    if( SC_IS_INTERNAL( scp ) ) {
       SC_INTERNAL(scp, nserp);
    } else {
-      exec_server(nserp);
+      child_process(nserp);
    }
 }
openSUSE Build Service is sponsored by
Places