Vulnerabilities > CVE-2002-0871 - Denial Of Service vulnerability in Xinetd Open File Descriptor

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
xinetd
nessus

Summary

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

Vulnerable Configurations

Part Description Count
Application
Xinetd
3

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-053.NASL
    descriptionA vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd.
    last seen2020-06-01
    modified2020-06-02
    plugin id61918
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61918
    titleMandrake Linux Security Advisory : xinetd (MDKSA-2002:053)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2002:053. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61918);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-0871");
      script_xref(name:"MDKSA", value:"2002:053");
    
      script_name(english:"Mandrake Linux Security Advisory : xinetd (MDKSA-2002:053)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was discovered by Solar Designer in xinetd. File
    descriptors for the signal pipe that were introduced in version 2.3.4
    are leaked into services started by xinetd, which can then be used to
    talk to xinetd, resulting in a crash of xinetd."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xinetd and / or xinetd-ipv6 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xinetd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xinetd-ipv6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"xinetd-2.3.7-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"xinetd-ipv6-2.3.7-1.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-151.NASL
    descriptionSolar Designer found a vulnerability in xinetd, a replacement for the BSD derived inetd. File descriptors for the signal pipe introduced in version 2.3.4 are leaked into services started from xinetd. The descriptors could be used to talk to xinetd resulting in crashing it entirely. This is usually called a denial of service. This problem has been fixed by the package maintainer in version 2.3.4-1.2 for the current stable distribution (woody) and in version 2.3.7-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id14988
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14988
    titleDebian DSA-151-1 : xinetd - pipe exposure
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-151. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14988);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-0871");
      script_bugtraq_id(5458);
      script_xref(name:"DSA", value:"151");
    
      script_name(english:"Debian DSA-151-1 : xinetd - pipe exposure");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Solar Designer found a vulnerability in xinetd, a replacement for the
    BSD derived inetd. File descriptors for the signal pipe introduced in
    version 2.3.4 are leaked into services started from xinetd. The
    descriptors could be used to talk to xinetd resulting in crashing it
    entirely. This is usually called a denial of service.
    
    This problem has been fixed by the package maintainer in version
    2.3.4-1.2 for the current stable distribution (woody) and in version
    2.3.7-1 for the unstable distribution (sid). The old stable
    distribution (potato) is not affected, since it doesn't contain the
    signal pipe."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-151"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the xinetd packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xinetd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"xinetd", reference:"2.3.4-1.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Redhat

advisories
  • rhsa
    idRHSA-2002:196
  • rhsa
    idRHSA-2003:228