Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Inetutils
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4862 8 Debian, Fedoraproject, Freebsd and 5 more 10 Debian Linux, Fedora, Freebsd and 7 more 2024-11-21 10.0 HIGH N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2004-1485 2 Gnu, Tftp 2 Inetutils, Tftp 2024-11-20 7.5 HIGH N/A
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
CVE-2023-40303 1 Gnu 1 Inetutils 2024-02-28 N/A 7.8 HIGH
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
CVE-2022-39028 4 Debian, Gnu, Mit and 1 more 4 Debian Linux, Inetutils, Kerberos 5 and 1 more 2024-02-28 N/A 7.5 HIGH
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
CVE-2021-40491 2 Debian, Gnu 2 Debian Linux, Inetutils 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.