CVE-2023-40303 Information

Description

GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
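
The bug class described above, as an added example (not inetutils code): an unchecked privilege drop beside a checked one. The `id_ops` table, `failing_setuid` stub and function names are hypothetical, introduced so a failing setuid can be simulated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Indirection over the real calls so a failure can be injected without root. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

static const struct id_ops real_ops = { setgid, setuid };

/* Constructed failure case: setuid() refusing the change. */
static int failing_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }
static const struct id_ops fail_ops = { setgid, failing_setuid };

/* Unchecked pattern: failures are ignored, so the caller carries on
 * with its old identity while believing the drop happened. */
static int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0; /* always reports success */
}

/* Checked pattern: group first, then user; any failure is reported
 * so the caller can refuse to continue. */
static int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0) { perror("setgid"); return -1; }
    if (ops->set_uid(uid) != 0) { perror("setuid"); return -1; }
    return 0;
}

int main(void)
{
    /* Own ids are used as targets so the demo needs no privileges. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    printf("unchecked, setuid fails: %d\n", drop_unchecked(&fail_ops, uid, gid));
    printf("checked, setuid fails:   %d\n", drop_checked(&fail_ops, uid, gid));
    if (drop_checked(&real_ops, uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    return 0;
}
```

A daemon using the checked form should exit or close the session when it returns -1, rather than continuing to serve the user.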

Reference

https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
https://ftp.gnu.org/gnu/inetutils/
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
