CVE-2001-1322

Current Description

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Basic Data

Published: July 10, 2001
Last Modified: September 10, 2008
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 3.6
Severity: LOW
Exploitability Score: 3.9
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
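    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.8_pre3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre13 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre14 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xinetd | Xinetd | 2.1.8.9_pre15 | * | * | * | * | * | * | * | | | | |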

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Xinetd | Xinetd | 2.1.8.8, 2.1.8.8_pre3, 2.1.8.9_pre1, 2.1.8.9_pre10, 2.1.8.9_pre11, 2.1.8.9_pre12, 2.1.8.9_pre13, 2.1.8.9_pre14, 2.1.8.9_pre15, 2.1.8.9_pre2, 2.1.8.9_pre3, 2.1.8.9_pre4, 2.1.8.9_pre5, 2.1.8.9_pre7, 2.1.8.9_pre8, 2.1.8.9_pre9 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| CLA-2001:404 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404 | |
| IMNX-2001-70-024-01 | IMMUNIX | http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01 | |
| DSA-063 | DEBIAN | http://www.debian.org/security/2001/dsa-063 | |
| xinetd-insecure-permissions(6657) | XF | http://www.iss.net/security_center/static/6657.php | Vendor Advisory |
| MDKSA-2001:055 | MANDRAKE | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3 | |
| ESA-20010621-01 | ENGARDE | http://www.linuxsecurity.com/advisories/other_advisory-1469.html | Vendor Advisory |
| RHSA-2001:075 | REDHAT | http://www.redhat.com/support/errata/RHSA-2001-075.html | |
| 2826 | BID | http://www.securityfocus.com/bid/2826 | |