vuln-list-alt/oval/c9f2/ALT-PU-2018-2252/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20182252",
      "Version": "oval:org.altlinux.errata:def:20182252",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-2252: package `xinetd` update to version 2.3.15-alt4",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-2252",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-2252",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2015-07635",
            "RefURL": "https://bdu.fstec.ru/vul/2015-07635",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2015-07636",
            "RefURL": "https://bdu.fstec.ru/vul/2015-07636",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2015-09055",
            "RefURL": "https://bdu.fstec.ru/vul/2015-09055",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2015-09056",
            "RefURL": "https://bdu.fstec.ru/vul/2015-09056",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2013-4342",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4342",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades xinetd to version 2.3.15-alt4. \nSecurity Fix(es):\n\n * BDU:2015-07635: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07636: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09055: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09056: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-4342: xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.\n\n * #34566: Configuration file /lib/systemd/system/xinetd.service is marked executable",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-08-30"
          },
          "Updated": {
            "Date": "2018-08-30"
          },
          "BDUs": [
            {
              "ID": "BDU:2015-07635",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-264",
              "Href": "https://bdu.fstec.ru/vul/2015-07635",
              "Impact": "High",
              "Public": "20131007"
            },
            {
              "ID": "BDU:2015-07636",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-264",
              "Href": "https://bdu.fstec.ru/vul/2015-07636",
              "Impact": "High",
              "Public": "20131007"
            },
            {
              "ID": "BDU:2015-09055",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-264",
              "Href": "https://bdu.fstec.ru/vul/2015-09055",
              "Impact": "High",
              "Public": "20131007"
            },
            {
              "ID": "BDU:2015-09056",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-264",
              "Href": "https://bdu.fstec.ru/vul/2015-09056",
              "Impact": "High",
              "Public": "20131007"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2013-4342",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-264",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4342",
              "Impact": "High",
              "Public": "20131010"
            }
          ],
          "Bugzilla": [
            {
              "ID": "34566",
              "Href": "https://bugzilla.altlinux.org/34566",
              "Data": "Configuration file /lib/systemd/system/xinetd.service is marked executable"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182252001",
                "Comment": "xinetd is earlier than 0:2.3.15-alt4"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182252002",
                "Comment": "xinetd-devel is earlier than 0:2.3.15-alt4"
              }
            ]
          }
        ]
      }
    }
  ]
}