aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/xinetd
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2013-12-05 17:52:17 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-12-10 11:36:24 +0000
commitc6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9 (patch)
treef6575e66a0d917a10c55245ef008f0cdf265a0ae /meta/recipes-extended/xinetd
parent47388363f69bfbf5ed1816a9367627182ee10e88 (diff)
downloadopenembedded-core-contrib-c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9.tar.gz
openembedded-core-contrib-c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9.tar.bz2
openembedded-core-contrib-c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9.zip
xinetd: CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 the patch come from: https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/xinetd')
-rw-r--r--meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch32
-rw-r--r--meta/recipes-extended/xinetd/xinetd_2.3.15.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..0542dbe835
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
+xinetd: CVE-2013-4342
+
+xinetd does not enforce the user and group configuration directives
+for TCPMUX services, which causes these services to be run as root
+and makes it easier for remote attackers to gain privileges by
+leveraging another vulnerability in a service.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
+
+the patch come from:
+https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+ if( SC_IS_INTERNAL( scp ) ) {
+ SC_INTERNAL(scp, nserp);
+ } else {
+- exec_server(nserp);
++ child_process(nserp);
+ }
+ }
+
+--
+1.7.9.5
+
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
index 797657083e..0e281722e5 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \
file://Various-fixes-from-the-previous-maintainer.patch \
file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
+ file://xinetd-CVE-2013-4342.patch \
"
SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"