Xinetd Zero String Length Buffer Overflow Vulnerability

The possibility for a buffer overflow condition exists in the xinetd daemon.

The problem is the result of the improper handling of string data in some internal functions used by xinetd. A buffer overflow could occur when a length argument with a value less than or equal to zero is passed to one of these functions. If successfully exploited, an attacker would gain root privileges on the affected host. It may also be possible for attackers to crash xinetd, which would result in a denial of service for all services started by the daemon.

Update: It has been reported that some vendor fixes may not completely eliminate this vulnerability. Concerned administrators are advised to install the 2.3.3 version now available for download from the Xinetd homepage.


Privacy Statement
Copyright 2010, SecurityFocus