GNU Inetutils 1.9

CPE Details

GNU Inetutils 1.9
gnu
inetutils
1.9
2019-12-16
18h17 +00:00
2019-12-16
18h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:inetutils:1.9:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

inetutils

Version

1.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-40303 2023-08-13 22h00 +00:00 GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
7.8
High
CVE-2022-39028 2022-08-29 22h00 +00:00 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
7.5
High
CVE-2021-40491 2021-09-02 22h00 +00:00 The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
6.5
Medium