This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Thomas Swan reports :
xinetd allows for services to be configured with the TCPMUX or
TCPMUXPLUS service types, which makes those services available on port
1, as per RFC 1078 , if the tcpmux-server service is enabled. When
the tcpmux-server service is enabled, xinetd would expose _all_
enabled services via the tcpmux port, instead of just the configured
service(s). This could allow a remote attacker to bypass firewall
restrictions and access services via the tcpmux port.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3