Debian Security Advisory DSA 063-1 (xinetd)

The remote host is missing an update to xinetd announced via advisory DSA 063-1.
zen-parse reported on bugtraq that there is a possible buffer overflow in the logging code from xinetd. This could be triggered by using a fake identd that returns special replies when xinetd does an ident request. Another problem is that xinetd sets it umask to 0. As a result any programs that xinetd start that are not careful with file permissions will create world-writable files. Both problems have been fixed in version .