Vulnerabilities > CVE-2001-0763 - Buffer Overflow vulnerability in Xinetd

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

debian

suse

nessus

exploit available

NVD

Published: 2001-10-18

Updated: 2018-05-03

Summary

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Vulnerable Configurations

Part	Description	Count
OS	Debian Debian Debian Linux - Debian Debian Linux 0.9.1 Debian Debian Linux 0.9.2 Debian Debian Linux 0.9.3 Debian Debian Linux 0.9.4 Debian Debian Linux 0.93 Debian Debian Linux 1.1 Debian Debian Linux 1.2 Debian Debian Linux 1.3 Debian Debian Linux 1.3.1 Debian Debian Linux 2.0 Debian Debian Linux 2.0.5 Debian Debian Linux 2.0.34 Debian Debian Linux 2.1 Debian Debian Linux 2.1.8.8.P3-1.1	15
OS	Suse Suse Suse Linux 6.0 Suse Suse Linux 6.1 Suse Suse Linux 6.2 Suse Suse Linux 6.3 Suse Suse Linux 6.4 Suse Suse Linux 7.0 Suse Suse Linux 7.1 Suse Suse Linux 7.2	8

Exploit-Db

description	Xinetd 2.1.8 Buffer Overflow Vulnerability. CVE-2001-0763. Remote exploit for linux platform
id	EDB-ID:20908
last seen	2016-02-02
modified	2001-06-28
published	2001-06-28
reporter	qitest1
source	https://www.exploit-db.com/download/20908/
title	Xinetd 2.1.8 - Buffer Overflow Vulnerability

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-063.NASL
description	zen-parse reported on bugtraq that there is a possible buffer overflow in the logging code from xinetd. This could be triggered by using a fake identd that returns special replies when xinetd does an ident request. Another problem is that xinetd sets it umask to 0. As a result any programs that xinetd start that are not careful with file permissions will create world-writable files. Both problems have been fixed in version 2.1.8.8.p3-1.1.
last seen	2020-06-01
modified	2020-06-02
plugin id	14900
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14900
title	Debian DSA-063-1 : xinetd - change default umask
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-063. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14900); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0763", "CVE-2001-1322"); script_bugtraq_id(2826, 2840); script_xref(name:"DSA", value:"063"); script_name(english:"Debian DSA-063-1 : xinetd - change default umask"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "zen-parse reported on bugtraq that there is a possible buffer overflow in the logging code from xinetd. This could be triggered by using a fake identd that returns special replies when xinetd does an ident request. Another problem is that xinetd sets it umask to 0. As a result any programs that xinetd start that are not careful with file permissions will create world-writable files. Both problems have been fixed in version 2.1.8.8.p3-1.1." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-063" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected xinetd package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xinetd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"xinetd", reference:"2.1.8.8.p3-1.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories

rhsa

id	RHSA-2001:075

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Redhat

References