Detections
Analytics

MiracleLinux 4 : xinetd-2.3.14-38.AXS4 (AXSA:2013-131:01)

critical Nessus Plugin ID 289175

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-131:01 advisory.

 Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of- access attacks. Xinetd provides extensive logging, has no limit on the number of server arguments, and lets you bind specific services to specific IP addresses on your host machine. Each service has its own specific configuration file for Xinetd; the files are located in the /etc/xinetd.d directory.
 Security issues fixed with this release:
 CVE-2012-0862 builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
 Fixed bugs:
 Previously, when xinetd was under heavy load, some file descriptors could remain open. The system log would also fill up with many messages, ending up taking a lot of space over time. This has been fixed.
 Previsouly, xinetd permanently disabled services when their CPS limit was reached, leading to potential failed bind operations when xinetd restarted the service. To fix this, services are now disabled only after 30 failures.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected xinetd package.

See Also

https://tsn.miraclelinux.com/en/node/3759

Plugin Details

Severity: Critical

ID: 289175

File Name: miracle_linux_AXSA-2013-131.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-0862

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:xinetd, cpe:/o:miracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/8/2013

Vulnerability Publication Date: 5/29/2012

Reference Information

CVE: CVE-2012-0862