xinetd: Privilege escalation — GLSA 201611-06

A vulnerability in xinetd could lead to privilege escalation.

Affected packages

sys-apps/xinetd on all architectures
Affected versions < 2.3.15-r2
Unaffected versions >= 2.3.15-r2

Background

xinetd is a secure replacement for inetd.

Description

Xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root.

Impact

Attackers could escalate privileges outside of the running process.

Workaround

There is no known workaround at this time.

Resolution

All xinetd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --verbose --oneshot ">=sys-apps/xinetd-2.3.15-r2"
 

References

Release date
November 15, 2016

Latest revision
November 15, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries