GNU Inetutils 2.3

CPE Details

GNU Inetutils 2.3
2.3
2022-09-02
10h52 +00:00
2022-09-03
01h59 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:inetutils:2.3:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

inetutils

Version

2.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-40303 2023-08-13 22h00 +00:00 GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
7.8
High
CVE-2022-39028 2022-08-29 22h00 +00:00 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
7.5
High