Headline
Ubuntu Security Notice USN-6304-1
Ubuntu Security Notice 6304-1 - It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information, or execute arbitrary code.
=========================================================================
Ubuntu Security Notice USN-6304-1
August 22, 2023
inetutils vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Inetutils could be made to crash or execute arbitrary code.
Software Description:
- inetutils: File Transfer Protocol client
Details:
It was discovered that telnetd in GNU Inetutils incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a crash. This issue
only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39028)

It was discovered that Inetutils incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information,
or execute arbitrary code. (CVE-2023-40303)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
inetutils-telnetd 2:2.4-2ubuntu1.1
inetutils-tools 2:2.4-2ubuntu1.1
Ubuntu 22.04 LTS:
inetutils-telnetd 2:2.2-2ubuntu0.1
inetutils-tools 2:2.2-2ubuntu0.1
Ubuntu 20.04 LTS:
inetutils-telnetd 2:1.9.4-11ubuntu0.2
inetutils-tools 2:1.9.4-11ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6304-1
CVE-2022-39028, CVE-2023-40303
Package Information:
https://launchpad.net/ubuntu/+source/inetutils/2:2.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/inetutils/2:2.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/inetutils/2:1.9.4-11ubuntu0.2
Related news
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
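The unchecked set*id() pattern described in the first related item above, shown next to a checked form. This is an added example, not code from GNU inetutils or from this notice. The `id_calls` hook table, the simulated `setuid` failure and uid/gid 1000 are constructed assumptions so that the failure path can be run without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook table (not inetutils code): lets the failure path of
 * the set*id() calls be exercised without root. */
struct id_calls { int (*set_gid)(gid_t); int (*set_uid)(uid_t); };

/* Constructed simulation of a privileged process (euid 0) whose setuid()
 * fails while sim_fail is non-zero. */
static uid_t sim_euid = 0;
static int sim_fail = 1;
static int sim_setgid(gid_t g) { (void)g; return 0; }
static int sim_setuid(uid_t u)
{
    if (sim_fail) { errno = EAGAIN; return -1; }
    sim_euid = u;
    return 0;
}
static const struct id_calls sim_calls = { sim_setgid, sim_setuid };
static const struct id_calls real_calls = { setgid, setuid };

/* Pattern from the description: results of set*id() are ignored, so the
 * caller continues even when the identity did not change. */
static int drop_unchecked(const struct id_calls *c, uid_t uid, gid_t gid)
{
    c->set_gid(gid);
    c->set_uid(uid);
    return 0;
}

/* Checked form: group before user, every return value tested; the caller
 * is expected to exit on -1 instead of serving the user. */
static int drop_checked(const struct id_calls *c, uid_t uid, gid_t gid)
{
    if (c->set_gid(gid) != 0) return -1;
    if (c->set_uid(uid) != 0) return -1;
    return 0;
}

int main(void)
{
    int rc = drop_unchecked(&sim_calls, 1000, 1000);
    printf("unchecked: rc=%d, simulated euid still %d\n", rc, (int)sim_euid);
    rc = drop_checked(&sim_calls, 1000, 1000);
    printf("checked:   rc=%d (%s)\n", rc, rc ? "refuse to continue" : "ok");
    /* Real calls: setting a process's own ids is always permitted. */
    printf("real:      rc=%d\n", drop_checked(&real_calls, getuid(), getgid()));
    return 0;
}
```

A daemon that starts as root would also clear supplementary groups with `setgroups()` before the `setgid()` call and check that result in the same way.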