All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit branch/2020.02.x] package/xinetd: add upstream security fix for CVE-2013-4342
@ 2020-12-11 10:22 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2020-12-11 10:22 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=eed59b9e3d34862c7c26a01bf1dcc4729e00922b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.02.x

xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root and makes it
easier for remote attackers to gain privileges by leveraging another
vulnerability in a service.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d5abf5ff6188593dfc701decf8d33d38a924b45b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...42-xinetd-ignores-user-and-group-directiv.patch | 29 ++++++++++++++++++++++
 package/xinetd/xinetd.mk                           |  3 +++
 2 files changed, 32 insertions(+)

diff --git a/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch b/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch
new file mode 100644
index 0000000000..bb2ee1fc9a
--- /dev/null
+++ b/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch
@@ -0,0 +1,29 @@
+From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
+From: Thomas Swan <thomas.swan@gmail.com>
+Date: Wed, 2 Oct 2013 23:17:17 -0500
+Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
+ TCPMUX services
+
+Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+    if( SC_IS_INTERNAL( scp ) ) {
+       SC_INTERNAL(scp, nserp);
+    } else {
+-      exec_server(nserp);
++      child_process(nserp);
+    }
+ }
+ 
+-- 
+2.20.1
+
diff --git a/package/xinetd/xinetd.mk b/package/xinetd/xinetd.mk
index a2ba10df74..6d6767766b 100644
--- a/package/xinetd/xinetd.mk
+++ b/package/xinetd/xinetd.mk
@@ -9,6 +9,9 @@ XINETD_SITE = $(call github,xinetd-org,xinetd,xinetd-$(XINETD_VERSION))
 XINETD_LICENSE = xinetd license
 XINETD_LICENSE_FILES = COPYRIGHT
 
+# 0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch
+XINETD_IGNORE_CVES += CVE-2013-4342
+
 XINETD_CFLAGS = $(TARGET_CFLAGS)
 
 # Three cases here:

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2020-12-11 10:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-11 10:22 [Buildroot] [git commit branch/2020.02.x] package/xinetd: add upstream security fix for CVE-2013-4342 Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.