Debian Security Advisory
xinetd -- bug in access control mechanism
- Date Reported:
- 19 Jun 2000
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0536.
- More information:
- Certain versions of xinetd have a bug in the access
control mechanism. If you use a hostname to control access to a service (
localhost instead of 127.0.0.1 ), xinetd will allow any connection from hosts
that fail a reverse look-up.
The version of xinetd in Debian 2.1 (slink) does not support the access control mechanism and is not vulnerable to this problem. (Those testing Debian 2.2--potato--should upgrade to at least version 22.214.171.124.p3-1.)