| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-40303 |
| CWE-ID | CWE-252 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software | Inetutils - GNU network utilities (Universal components / Libraries / Libraries used by multiple products) |
| Vendor | GNU |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU79879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-40303
CWE-ID: CWE-252 - Unchecked Return Value
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the return values of the set*id() family of functions are not checked in ftpd, rcp, rlogin, rsh, rshd, and uucpd. If the setuid system call fails while a process is trying to drop privileges before letting an ordinary user control the activities of the process, the process continues to run with its elevated privileges. A local user can abuse this situation and execute arbitrary code with elevated privileges.
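The following C example, added here and not taken from inetutils, contrasts the unchecked set*id() pattern described above with a version that checks each return value and verifies that the ids actually changed. The `id_ops` indirection and the simulated process are assumptions made so the failure path can be exercised without root.

```c
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

/* Indirection over the set*id()/get*id() calls so the failure path can be
 * exercised without root. Hypothetical helper, not inetutils code. */
struct id_ops {
    int (*setgid)(gid_t); int (*setuid)(uid_t);
    uid_t (*getuid)(void); uid_t (*geteuid)(void); gid_t (*getgid)(void); gid_t (*getegid)(void);
};
const struct id_ops real_ops = { setgid, setuid, getuid, geteuid, getgid, getegid };

/* CWE-252 shape: return values ignored. If setuid() fails, the caller
 * carries on with the credentials it started with, possibly root. */
static void drop_privs_unchecked(const struct id_ops *o, uid_t uid, gid_t gid) {
    o->setgid(gid);
    o->setuid(uid);
}

/* Hardened shape: check each return value, then confirm the real and effective
 * ids moved. A real daemon also clears supplementary groups before setgid(). */
static int drop_privs_checked(const struct id_ops *o, uid_t uid, gid_t gid) {
    if (o->setgid(gid) != 0 || o->setuid(uid) != 0) return -1;
    if (o->getuid() != uid || o->geteuid() != uid) return -1;
    if (o->getgid() != gid || o->getegid() != gid) return -1;
    return 0;
}

/* Simulated process (constructed for this example): starts as root; setuid()
 * can be made to fail with EAGAIN, as it does when RLIMIT_NPROC is exhausted. */
static uid_t sim_uid; static gid_t sim_gid; static int sim_fail;
static int   sim_setgid(gid_t g) { sim_gid = g; return 0; }
static int   sim_setuid(uid_t u) { if (sim_fail) { errno = EAGAIN; return -1; } sim_uid = u; return 0; }
static uid_t sim_getuid(void) { return sim_uid; }
static gid_t sim_getgid(void) { return sim_gid; }
static const struct id_ops sim_ops = { sim_setgid, sim_setuid, sim_getuid, sim_getuid, sim_getgid, sim_getgid };

/* Unchecked drop with a failing setuid(): returns the uid the process keeps. */
int uid_after_unchecked_drop(uid_t target) {
    sim_uid = 0; sim_gid = 0; sim_fail = 1;
    drop_privs_unchecked(&sim_ops, target, target);
    return (int)sim_uid;                      /* 0: still root */
}
/* Checked drop under the same simulation; setuid_fails selects the outcome. */
int checked_drop_result(uid_t target, int setuid_fails) {
    sim_uid = 0; sim_gid = 0; sim_fail = setuid_fails;
    return drop_privs_checked(&sim_ops, target, target);
}
```

In production code the entry point is `drop_privs_checked(&real_ops, uid, gid)`, and a non-zero result must abort the service rather than continue serving the client.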
Install updates from the vendor's website.
Vulnerable software versions
Inetutils - GNU network utilities: 1.4.0 - 2.4
https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.