CVE-2023-40303
Published: 2023-08-14
Severity: High, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
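The difference between an unchecked and a checked privilege drop, as an added example that is not inetutils code. The `id_ops` indirection, the `sim_*` stubs, the simulated effective uid and the uid/gid value 1000 are all constructed so that a failing setuid can be reproduced without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection so a failing set*id() call can be simulated;
 * a real daemon would pass { setgid, setuid }. */
struct id_ops {
    int (*setgid_fn)(gid_t);
    int (*setuid_fn)(uid_t);
};

static uid_t sim_euid = 0;   /* constructed state: the process starts as root */

static int sim_setgid_ok(gid_t gid) { (void)gid; return 0; }
static int sim_setuid_ok(uid_t uid) { sim_euid = uid; return 0; }
/* Simulated failure: EAGAIN is one of the errors setuid(2) documents. */
static int sim_setuid_fail(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

static const struct id_ops ops_ok   = { sim_setgid_ok, sim_setuid_ok };
static const struct id_ops ops_fail = { sim_setgid_ok, sim_setuid_fail };

/* Unchecked pattern: results are discarded and success is always reported. */
static int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    (void)ops->setgid_fn(gid);
    (void)ops->setuid_fn(uid);
    return 0;
}

/* Checked pattern: group first, then user; any failure is reported so the
 * caller can exit instead of serving the user under the old identity.
 * Supplementary groups (setgroups) are left out to keep the example short. */
static int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->setgid_fn(gid) != 0)
        return -1;
    if (ops->setuid_fn(uid) != 0)
        return -1;
    return 0;
}

int main(void)
{
    int rc = drop_unchecked(&ops_fail, 1000, 1000);
    printf("unchecked: rc=%d, euid still %u\n", rc, (unsigned)sim_euid);
    rc = drop_checked(&ops_fail, 1000, 1000);
    printf("checked:   rc=%d, caller must abort\n", rc);
    return rc == -1 ? 0 : 1;
}
```
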
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | inetutils | < inetutils 2:2.4-2+deb12u1 (bookworm) | inetutils 2:2.4-2+deb12u1 (bookworm) |
| gnu | inetutils | <= 2.4 | — |
| gnu | inetutils | >= 0 < 2:2.0-1+deb11u2 | 2:2.0-1+deb11u2 |
| gnu | inetutils | >= 0 < 2:2.4-2+deb12u1 | 2:2.4-2+deb12u1 |
| gnu | inetutils | >= 0 < 2:2.4-3 | 2:2.4-3 |
| gnu | inetutils | >= 0 < 2:2.4-3 | 2:2.4-3 |
| gnu | inetutils | >= 0 < 2:1.9.4-11ubuntu0.2 | 2:1.9.4-11ubuntu0.2 |
| gnu | inetutils | >= 0 < 2:2.2-2ubuntu0.1 | 2:2.2-2ubuntu0.1 |
| gnu | inetutils | >= 0 < 2:1.9.2-1ubuntu0.1~esm2 | 2:1.9.2-1ubuntu0.1~esm2 |
| gnu | inetutils | >= 0 < 2:1.9.4-1ubuntu0.1~esm3 | 2:1.9.4-1ubuntu0.1~esm3 |
| gnu | inetutils | >= 0 < 2:1.9.4-3ubuntu0.1+esm2 | 2:1.9.4-3ubuntu0.1+esm2 |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH