Package: xinetd Version: 1:2.1.8.8.p3-2 Severity: grave Tags: security woody
This version of xinetd does NOT incorporate the 000 umask vulnerability patched in potato. To test this i created a fake telnet service which runs a shell script that echos the umask into a newly created file, the file was created mode 0666 and the umask written to the file was 0000. xinetd was stopped and started from a root shell having a 022 umask. -- System Information Debian Release: testing/unstable Architecture: powerpc Kernel: Linux ash 2.4.4-3b #2 Mon Jul 30 05:24:57 CDT 2001 ppc Locale: LANG=C, LC_CTYPE=C Versions of packages xinetd depends on: ii dpkg 1.9.16 Package maintenance system for Deb ii libc6 2.2.3-6 GNU C Library: Shared libraries an ii libwrap0 7.6-8.2 Wietse Venema's TCP wrappers libra ii netbase 4.06 Basic TCP/IP networking system
