Fixed
Created: Aug 15, 2023
Updated: Mar 13, 2025
Resolved Date: Sep 12, 2023
Found In Version: 10.21.20.1
Fix Version: 10.21.20.20
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CREATE(Triage):(User=admin) CVE-2023-40303 (https://nvd.nist.gov/vuln/detail/CVE-2023-40303)
