Bug 64237 - Errata update has backdoor
Errata update has backdoor
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: xinetd (Show other bugs)
7.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
Brock Organ
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-04-29 22:26 EDT by Bob Shaffer
Modified: 2007-03-26 23:53 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-04-29 22:26:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bob Shaffer 2002-04-29 22:26:36 EDT
Description of Problem:
The most recent version of xinetd on the updates.redhat.com and mirror sites 
listens on a high number port (24452 I believe).  When I connected to this 
port using telnet, I found a shell with root access priveleges.  The loopback 
address was allowed to connect without any user or password.  All other 
addresses that I tried were immediately disconnected, but I only tried a few.

Version-Release number of selected component (if applicable):
xinetd-2.3.3-1

How Reproducible:
Install the package

Steps to Reproduce:
1. Install the package 
ftp://updates.redhat.com/7.0/en/os/i386/xinetd-2.3.3-1.i386.rpm
2. start xinetd (/etc/rc.d/init.d/xinetd start)
3. connect to the high number port it listens on (telnet localhost 24452)

Actual Results:
Root priveleges to anyone with shell access (and maybe more)

Expected Results:
A security update that improves security

Additional Information:
I found the same package in the 7.1 directory of the updates and didn't look 
at the 7.2 directory or any others.
Comment 1 Trond Eivind Glomsrxd 2002-04-30 10:51:16 EDT
Your system has been compromised in another way  - take a look at 
http://www.rvglug.org/pipermail/rvglug/2001-February/000436.html

The errata does not ship with this shell (nor does any other version).

A reinstall is recommended, followed by an immediate application of all current
errata.

Note You need to log in before you can comment on or make changes to this bug.