FreeBSD : xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled (e11955ca-187c-11e2-be36-00215af774f0)
Medium Nessus Plugin ID 62612
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThomas Swan reports :
xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 , if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose _all_ enabled services via the tcpmux port, instead of just the configured service(s). This could allow a remote attacker to bypass firewall restrictions and access services via the tcpmux port.
SolutionUpdate the affected package.