Linux Today: Linux News On Internet Time.

EnGarde Secure Linux Security Advisory: xinetd

Jun 29, 2001, 14:45 (0 Talkback[s])
| EnGarde Secure Linux Security Advisory                   June 21, 2001 |
| http://www.engardelinux.org/                           ESA-20010621-01 |
|                                                                        |
| Package:  xinetd                                                       |
| Summary:  There are various bugs and security issues in the version of |
|           xinetd that shipped with EnGarde Secure Linux 1.0.1.         |

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

  There are bugs (both security and non-security) in xinetd.  The
  non-security bug causes xinetd to fail after the first connection
  attempt and the security bug can potentially lead to a root comprimise
  via a buffer overflow.

  The first bug is a non-security one.  There were several reports on the
  engarde-users mailing list of vsftpd only accepting the first connection
  and dropping all subsequent ones.  The users had a "Bad address" entry
  from xinetd in their logs.  Rob Braun explains this problem:

    "The specific bug is in libs/src/misc/env.c, in the environment
     handling.  The grow() function does a realloc() to extend the
     existing memory.  The memory returned by realloc() is in an undefined
     state, and that's what is causing the bad address." 

  This bug was fixed by upgrading to version

  The other bugs are as follows:

    1) xinetd was setting its umask to 0.  Thus, any children of xinetd
       would inherit this umask.  This is not much of a security issue
       because the only service that is run out of xinetd is vsftpd, which
       sets its own umask (027 by default).

    2) There was a buffer overflow in the logging code that could
       potentially allow a remote attacker to obtain root privileges by
       sending a very long username string in response to an ident
       request.  This bug was found by zen-parse@gmx.net.

  Both of these bugs were fixed by upgrading to version

  Additionally, this version disables ident checking by default in
  xinetd.conf.  If you would like to disable ident checking completely
  (which is recommended), you should remove the "USERID" option from the
  "log_on_success" and "log_on_failure" lines of /etc/xinetd.d/ftp.

  All users should upgrade to the most recent version, as outlined in
  this advisory.  All updates can be found at:


  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh 

  Once the updated package is installed, you need to restart xinetd:

    # /etc/init.d/xinetd restart

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv 

  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

      MD5 Sum:  118787db019ca76f44dc00cdca67c36e

  Binary Packages:

      MD5 Sum:  a48c022c82055db97f415f3f18bdefcf

      MD5 Sum:  cc3e2a218918a1ff2c107b68d7cbe8b2


  Guardian Digital's public key:

  xinetd's Official Web Site:

$Id: ESA-20010621-01-xinetd,v 1.2 2001/06/29 13:56:38 rwm Exp $
Author: Ryan W. Maple,  
Copyright 2001, Guardian Digital, Inc.

Related Stories: