Debian Security Advisory

xinetd -- bug in access control mechanism

Date Reported:
19 Jun 2000
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2000-0536.
More information:
Certain versions of xinetd have a bug in the access control mechanism. If you use a hostname to control access to a service ( localhost instead of ), xinetd will allow any connection from hosts that fail a reverse look-up.

The version of xinetd in Debian 2.1 (slink) does not support the access control mechanism and is not vulnerable to this problem. (Those testing Debian 2.2--potato--should upgrade to at least version