SB2023082317 - Privilege escalation in GNU inetutils

Description

This security bulletin contains information about 1 vulnerability.

1) Unchecked return value (CVE-ID: CVE-2023-40303)

CWE-ID: CWE-252 - Unchecked Return Value

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd while the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. A local user can abuse this situation and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
• https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6