CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40303 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2023-40303
14 Aug 2023 — GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected U... • http://www.openwall.com/lists/oss-security/2023/12/30/4 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2022-39028
30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40491
https://notcve.org/view.php?id=CVE-2021-40491
03 Sep 2021 — The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. El cliente ftp en GNU Inetutils versiones anteriores a 2.2, no comprueba las direcciones devueltas por las respuestas PASV/LSPV para asegurarse de que coinciden con la dirección del servidor. Esto es similar a CVE-2020-8284 para curl • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 92%CPEs: 21EXPL: 8CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
25 Dec 2011 — Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v... • https://packetstorm.news/files/id/180955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2004-1485
https://notcve.org/view.php?id=CVE-2004-1485
31 Dec 2004 — Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. • http://marc.info/?l=bugtraq&m=109882085912915&w=2 •