CVE-2013-4342
Public on 2013-10-10
Modified on 2014-09-16
Description
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | xinetd | 2013-10-16 | ALAS-2013-232 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| NVD | CVSSv2 | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C |