1*4882a593SmuzhiyunFrom 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Thomas Swan <thomas.swan@gmail.com>
3*4882a593SmuzhiyunDate: Wed, 2 Oct 2013 23:17:17 -0500
4*4882a593SmuzhiyunSubject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
5*4882a593Smuzhiyun TCPMUX services
6*4882a593Smuzhiyun
7*4882a593SmuzhiyunOriginally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
8*4882a593Smuzhiyun
9*4882a593SmuzhiyunSigned-off-by: Peter Korsgaard <peter@korsgaard.com>
10*4882a593Smuzhiyun---
11*4882a593Smuzhiyun xinetd/builtins.c | 2 +-
12*4882a593Smuzhiyun 1 file changed, 1 insertion(+), 1 deletion(-)
13*4882a593Smuzhiyun
14*4882a593Smuzhiyundiff --git a/xinetd/builtins.c b/xinetd/builtins.c
15*4882a593Smuzhiyunindex 3b85579..34a5bac 100644
16*4882a593Smuzhiyun--- a/xinetd/builtins.c
17*4882a593Smuzhiyun+++ b/xinetd/builtins.c
18*4882a593Smuzhiyun@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
19*4882a593Smuzhiyun if( SC_IS_INTERNAL( scp ) ) {
20*4882a593Smuzhiyun SC_INTERNAL(scp, nserp);
21*4882a593Smuzhiyun } else {
22*4882a593Smuzhiyun- exec_server(nserp);
23*4882a593Smuzhiyun+ child_process(nserp);
24*4882a593Smuzhiyun }
25*4882a593Smuzhiyun }
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun--
28*4882a593Smuzhiyun2.20.1
29*4882a593Smuzhiyun
30
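Review bot: The internal branch just above the changed line still dispatches with `SC_INTERNAL(scp, nserp);` directly, so only external TCPMUX targets are routed through `child_process()`. If the user and group directives are applied inside `child_process()` (the commit message implies this, but the hunk does not show it), an internal service selected through TCPMUX would presumably still run with xinetd's own privileges; it is worth confirming whether that branch needs the same treatment. Independently, a comment on the new call would keep a later cleanup from reverting it, e.g. `/* go through child_process() so the service's user/group are applied before exec (CVE-2013-4342) */`. The body of tcpmux_handler starts outside the hunk, so the setup of nserp was not reviewed.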