Gentoo: xinetd denial of service vulnerability
Posted by LinuxSecurity.com Team   
Gentoo Steve Stubb has discovered that xinetd leaks 144 bytes for every connection it rejects.

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-08
- - - ---------------------------------------------------------------------

          PACKAGE : xinetd
          SUMMARY : memory leak
             DATE : 2003-05-19 14:00 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =xinetd-2.3.11
              CVE : CAN-2003-0211

- - - ---------------------------------------------------------------------

Steve Stubb has discovered that xinetd leaks 144 bytes for every 
connection it rejects.

Read the full advisory at: 
http://marc.theaimsgroup.com/?l=bugtraq&m=105068673220605&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/xinetd upgrade to xinetd-2.3.11 as follows

emerge sync
emerge xinetd
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------