Fixed
Created: Aug 14, 2023
Updated: Sep 27, 2023
Resolved Date: Sep 12, 2023
Found In Version: 10.23.30.1
Fix Version: 10.23.30.1(hotfix)
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CREATE(Triage):(User=admin) CVE-2023-40303 (https://nvd.nist.gov/vuln/detail/CVE-2023-40303)
