SB2025093017 - Ubuntu update for inetutils

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025093017

SB2025093017 - Ubuntu update for inetutils

Published: September 30, 2025

Security Bulletin ID SB2025093017
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2019-0053)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of environment variables when connecting via the telnet client to remote telnet servers. A local authenticated attacker can trigger stack-based buffer overflow, bypass veriexec restrictions and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability only affects the telnet client - accessible from the CLI or shel.


2) Buffer overflow (CVE-ID: CVE-2020-10188)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary involving the netclear and nextitem functions within the utility.c in telnetd daemon from netkit telnet. A remote attacker can end specially crafted data to the telnetd daemon, trigger a boundary error and execute arbitrary code on the target system.


3) NULL pointer dereference (CVE-ID: CVE-2022-39028)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in telnetd daemon. A remote attacker can trigger NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8 and crash telnetd.


4) Unchecked return value (CVE-ID: CVE-2023-40303)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd while the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. A local user can abuse this situation and execute arbitrary code with elevated privileges.


Remediation

Install update from vendor's website.

References