- - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT - - -------------------------------------------------------------------- PACKAGE :xinetd SUMMARY :pipe exposure DATE :2002-08-14 08:40 UTC - - -------------------------------------------------------------------- OVERVIEW File descriptors introduced in 2.3.4 can be used to crash xinetd resulting in a denial of service. DETAIL Solar Designer found a vulnerability in xinetd, a replacement for the BSD derived inetd. File descriptors for the signal pipe introduced in version 2.3.4 are leaked into services started from xinetd. The descriptors could be used to talk to xinetd resulting in crashing it entirely. This is usually called a denial of service. SOLUTION It is recommended that all Gentoo Linux users who are running sys-apps/xinetd-2.3.5 and earlier update their systems as follows. emerge rsync emerge xinetd emerge clean xinetd-2.3.7 is currently only available for x86. Sparc and ppc will be available when it's been tested on these archs. - - -------------------------------------------------------------------- Daniel Ahlberg [email protected] - - --------------------------------------------------------------------
Gentoo Linux Advisory: xinetd
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis