Репозитории ALT
| S: | 2.3.15-alt6 |
| 5.1: | 2.3.14-alt3 |
| 4.1: | 2.3.14-alt3 |
| 4.0: | 2.3.14-alt2 |
| 3.0: | 2.3.13-alt4 |
Группа :: Система/Основа
Пакет: xinetd
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: xinetd-2.3.15-up-CVE-2013-4342.patch
Скачать
Скачать
From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
From: Thomas Swan <thomas.swan@gmail.com>
Date: Wed, 2 Oct 2013 23:17:17 -0500
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
TCPMUX services
Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
---
xinetd/builtins.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xinetd/builtins.c b/xinetd/builtins.c
index 3b85579..34a5bac 100644
--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
if( SC_IS_INTERNAL( scp ) ) {SC_INTERNAL(scp, nserp);
} else {- exec_server(nserp);
+ child_process(nserp);
}
}