J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: Xinetd Zero String Length Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

The possibility for a buffer overflow condition exists in the xinetd daemon.

The problem is the result of the improper handling of string data in some internal functions used by xinetd. A buffer overflow could occur when a length argument with a value less than or equal to zero is passed to one of these functions, possibly leading to stack corruption if excessive data is copied past the end of the buffer. An attacker may be able to execute arbitrary code by overwriting a function return address with a value pointing to supplied shellcode.

If successfully exploited, an attacker would gain root privileges on the affected host. It may also be possible for attackers to crash xinetd, which would result in a denial of service for all services started by the daemon.

Update: It has been reported that some vendor fixes may not completely eliminate this vulnerability. Concerned administrators are advised to install the 2.3.3 version now available for download from the Xinetd homepage.

Affected Products:

  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Immunix Immunix OS 7.0.0
  • Immunix Immunix OS 7.0.0 beta
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • RedHat Linux 7.0.0
  • RedHat Linux 7.1.0
  • Xinetd Xinetd 2.1.8 .8
  • Xinetd Xinetd 2.1.8 .8pre3
  • Xinetd Xinetd 2.1.8 .9pre1
  • Xinetd Xinetd 2.1.8 .9pre10
  • Xinetd Xinetd 2.1.8 .9pre11
  • Xinetd Xinetd 2.1.8 .9pre12
  • Xinetd Xinetd 2.1.8 .9pre13
  • Xinetd Xinetd 2.1.8 .9pre14
  • Xinetd Xinetd 2.1.8 .9pre15
  • Xinetd Xinetd 2.1.8 .9pre2
  • Xinetd Xinetd 2.1.8 .9pre3
  • Xinetd Xinetd 2.1.8 .9pre4
  • Xinetd Xinetd 2.1.8 .9pre5
  • Xinetd Xinetd 2.1.8 .9pre6
  • Xinetd Xinetd 2.1.8 .9pre7
  • Xinetd Xinetd 2.1.8 .9pre8
  • Xinetd Xinetd 2.1.8 .9pre9
  • Xinetd Xinetd 2.3.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.