Priv Esc in GNU inetutils <2.5 via set*id() in ftpd, rcp, rlogin
CVE-2023-40303 Published on August 14, 2023

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
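The unchecked pattern described above, next to a checked form, as an added example (not code from GNU inetutils). The `id_ops` table, the stub functions and the uid/gid value 1000 are hypothetical and constructed so that the setuid failure path runs without root; real code would pass `setgid` and `setuid`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical injectable syscall table (not inetutils code), so the
   failure path can be exercised without root. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

/* Constructed stubs: setgid succeeds, setuid fails as setuid(2) can (EAGAIN). */
static int stub_setgid_ok(gid_t gid) { (void)gid; return 0; }
static int stub_setuid_fail(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Pattern the CVE describes: results ignored, caller always told "dropped". */
int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0;
}

/* Hardened form: group before user, every result checked; on -1 the
   caller must exit instead of letting the user drive the process. */
int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0 || ops->set_uid(uid) != 0)
        return -1;
    return 0;
}

/* Run one variant against the simulated setuid failure (1000 is constructed). */
int run_with_failing_setuid(int checked)
{
    struct id_ops ops = { stub_setgid_ok, stub_setuid_fail };
    return checked ? drop_checked(&ops, 1000, 1000)
                   : drop_unchecked(&ops, 1000, 1000);
}

int main(void)
{
    printf("unchecked=%d checked=%d\n",
           run_with_failing_setuid(0), run_with_failing_setuid(1));
    return 0;
}
```

A return of 0 from the unchecked variant means the caller carries on with its original privileges even though the drop failed; the checked variant reports -1 so the caller can terminate.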

NVD


Products Associated with CVE-2023-40303

GNU Inetutils, Canonical Ubuntu Linux

Exploit Probability

EPSS: 0.05%
Percentile: 16.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.