CVE-2023-40303 - Unchecked Return Value vulnerability in GNU Inetutils
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/12/30/4
- https://ftp.gnu.org/gnu/inetutils/
- https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
- https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html
- https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html