Mandrake Linux Security Advisory : xinetd (MDKSA-2003:056)

Medium Nessus Plugin ID 14040


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability was discovered in xinetd where memory was allocated and never freed if a connection was refused for any reason. Because of this bug, an attacker could crash the xinetd server, making unavailable all of the services it controls. Other flaws were also discovered that could cause incorrect operation in certain strange configurations.

These issues have been fixed upstream in xinetd version 2.3.11 which are provided in this update.


Update the affected xinetd and / or xinetd-ipv6 packages.

Plugin Details

Severity: Medium

ID: 14040

File Name: mandrake_MDKSA-2003-056.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xinetd, p-cpe:/a:mandriva:linux:xinetd-ipv6, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/05/14

Reference Information

CVE: CVE-2003-0211

MDKSA: 2003:056