{
  "threat_severity" : "Low",
  "public_date" : "2012-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "xinetd: enables unintentional services over tcpmux port",
    "id" : "790940",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=790940"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1." ],
  "statement" : "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Thomas Swan (FedEx) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-09-30T00:00:00Z",
    "advisory" : "RHSA-2013:1302",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xinetd-2:2.3.14-19.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-20T00:00:00Z",
    "advisory" : "RHSA-2013:0499",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xinetd-2:2.3.14-38.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-0862\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0862" ],
  "name" : "CVE-2012-0862",
  "csaw" : false
}