Gentoo Linux Advisory: xinetd

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------

PACKAGE        :xinetd
SUMMARY        :pipe exposure
DATE           :2002-08-14 08:40 UTC

- - --------------------------------------------------------------------

OVERVIEW

File descriptors introduced in 2.3.4 can be used to crash xinetd 
resulting in a denial of service.

DETAIL

Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd.  File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd.  The
descriptors could be used to talk to xinetd resulting in crashing it
entirely.  This is usually called a denial of service.

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/xinetd-2.3.5 and earlier update their systems as follows.

emerge rsync
emerge xinetd
emerge clean

xinetd-2.3.7 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.

- - --------------------------------------------------------------------
Daniel Ahlberg
[email protected]
- - --------------------------------------------------------------------

Gentoo Linux Advisory: xinetd

Get the Free Newsletter!

Must Read

10 Best Free and Open Source Web-Based Bookmark Managers

How to Install Epic on Ubuntu and Other Linux Distros

What Trump’s and Musk’s Public Divorce Tells Us About the State of Tech

KDE Gear 25.04.2 Apps Collection Rolls Out, Here’s What’s New

8 Best Free and Open Source Diary Software

Our Brands