Mandriva Linux Security Advisory : xinetd (MDVSA-2013:057)
Medium Nessus Plugin ID 66071
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA security issue was identified and fixed in xinetd :
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 (CVE-2012-0862).
The updated packages have been upgraded to the 2.3.15 version which is not vulnerble to this issue.
SolutionUpdate the affected xinetd and / or xinetd-simple-services packages.