summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2013-12-05 17:52:17 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-02-09 11:04:14 +0000
commita64da6a9b3321fb722241294343a5aa41bc6658e (patch)
treefc942a2071d2c99c324e086174bbb82133b998d8 /meta/recipes-extended
parentf2921bdf511ec6f6e95e84c8138518009d374ccf (diff)
downloadpoky-a64da6a9b3321fb722241294343a5aa41bc6658e.tar.gz
xinetd: CVE-2013-4342
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 the patch come from: https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff (From OE-Core master rev: c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9) (From OE-Core rev: 478b7f533c6664f1e4cab9950f257d927d32bb28) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch32
-rw-r--r--meta/recipes-extended/xinetd/xinetd_2.3.15.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..0542dbe835
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
1xinetd: CVE-2013-4342
2
3xinetd does not enforce the user and group configuration directives
4for TCPMUX services, which causes these services to be run as root
5and makes it easier for remote attackers to gain privileges by
6leveraging another vulnerability in a service.
7http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
8
9the patch come from:
10https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
11
12Signed-off-by: Li Wang <li.wang@windriver.com>
13---
14 xinetd/builtins.c | 2 +-
15 1 file changed, 1 insertion(+), 1 deletion(-)
16
17diff --git a/xinetd/builtins.c b/xinetd/builtins.c
18index 3b85579..34a5bac 100644
19--- a/xinetd/builtins.c
20+++ b/xinetd/builtins.c
21@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
22 if( SC_IS_INTERNAL( scp ) ) {
23 SC_INTERNAL(scp, nserp);
24 } else {
25- exec_server(nserp);
26+ child_process(nserp);
27 }
28 }
29
30--
311.7.9.5
32
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
index 797657083e..0e281722e5 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \
16 file://Various-fixes-from-the-previous-maintainer.patch \ 16 file://Various-fixes-from-the-previous-maintainer.patch \
17 file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \ 17 file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
18 file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \ 18 file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
19 file://xinetd-CVE-2013-4342.patch \
19 " 20 "
20 21
21SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c" 22SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-10 04:34:07 +0000