CVE-2013-4342

{"id": "CVE-2013-4342", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-10T00:55:14.960", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/xinetd-org/xinetd/pull/10", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201611-06", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/xinetd-org/xinetd/pull/10", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201611-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."}, {"lang": "es", "value": "xinetd no fuerza la directriz de configuraci\u00f3n del usuario y grupo para servicios TCPMUX, lo que provoca que estos servicios sean ejecutados como root y hacer m\u00e1s sencillo para atacantes remotos obtener privilegios mediante el aprovechamiento de otra vulnerabilidad en un servicio."}], "lastModified": "2024-11-21T01:55:23.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xinetd:xinetd:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43ECBCF4-C433-4177-A0B4-6E560ED2B720"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}