CVE-2023-40303
- EPSS 0.04%
- Published 14.08.2023 05:15:10
- Last modified 21.11.2024 08:19:11
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is tryin...
CVE-2022-39028
- EPSS 0.4%
- Published 30.08.2022 05:15:08
- Last modified 21.11.2024 07:17:24
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain avai...
CVE-2021-40491
- EPSS 0.3%
- Published 03.09.2021 02:15:06
- Last modified 21.11.2024 06:24:14
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
- EPSS 92.41%
- Published 25.12.2011 01:55:02
- Last modified 11.04.2025 00:51:21
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to exec...