July 12, 2001

FreeBSD advisory for xinted

Author: JT Smith

"The xinetd port, versions prior to xinetd-2.3.0, contains a
potentially exploitable buffer overflow in the logging routines.
If xinetd is configured to log the userid of remote clients obtained
via the RFC1413 ident service, a remote user may be able to cause
xinetd to crash by returning a specially-crafted ident response. This
may also potentially execute arbitrary code as the user running
xinetd, normally root." Full details at LinuxSecurity.com.


  • Linux
Click Here!