GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Inetutils | Gnu | * | 2.4 (including) |