Search for vulnerabilities
Vulnerability details: VCID-9gr8-b5j3-aaae
Vulnerability ID VCID-9gr8-b5j3-aaae
Aliases CVE-2023-40303
Summary GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-252 Unchecked Return Value
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-40303
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-40303
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-40303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40303
https://ftp.gnu.org/gnu/inetutils/
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html
https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
http://www.openwall.com/lists/oss-security/2023/12/30/4
1049365 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049365
cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*
CVE-2023-40303 https://nvd.nist.gov/vuln/detail/CVE-2023-40303
USN-6304-1 https://usn.ubuntu.com/6304-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40303
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40303
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.