Release of GNU inetutils 2.5 with a fix for a vulnerability in suid applications

After 14 months of development, GNU inetutils 2.5 has been released. The package is a collection of networking programs, most of them derived from BSD systems. In particular, it includes inetd and syslogd, servers and clients for ftp, telnet, rsh, rlogin, tftp, and talk, as well as utilities such as ping, ping6, traceroute, whois, hostname, dnsdomainname, ifconfig, logger, and others.

The new version fixes a vulnerability (CVE-2023-40303) in the suid programs ftpd, rcp, rlogin, rsh, rshd, and uucpd. The vulnerability is caused by missing checks of the values returned by the setuid(), setgid(), seteuid(), and setegid() functions. It can be used to create conditions in which a set*id() call fails to drop privileges, so that the application keeps running with elevated privileges and performs, under those privileges, operations that were originally meant to run with the rights of an unprivileged user. For example, if a set*id() call fails, the ftpd, uucpd, and rshd processes, which are started with root privileges, will continue to run as root after startup.
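The unchecked pattern described above and a checked replacement, as an added example that is not taken from the inetutils source. The function name `drop_checked` and the target uid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* for setgroups() in <grp.h> */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Pattern the article describes (results ignored):
 *     setgid(gid);
 *     setuid(uid);
 * If either call fails, execution continues with the original identity.
 *
 * Checked form: returns 0 only when the identity really changed;
 * on -1 the caller must end the session instead of continuing.
 */
int drop_checked(uid_t uid, gid_t gid)
{
    /* Groups first, while the process still has the right to change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setgid(gid) != 0) { perror("setgid"); return -1; }
    if (setuid(uid) != 0) { perror("setuid"); return -1; }

    /* Confirm the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A successful drop must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumed target: 65534 ("nobody" by convention) when started as root;
     * otherwise another uid, which an unprivileged caller cannot assume. */
    uid_t target = (geteuid() == 0) ? 65534 : geteuid() + 1;

    if (drop_checked(target, getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("now running as uid %ld\n", (long) getuid());
    return 0;
}
```

Run as an ordinary user, the setuid() call fails and the program exits instead of continuing under the old identity, which is the behaviour the unchecked form lacks.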

In addition to fixing the vulnerability and minor bugs, the new version of ping6 adds support for ICMPv6 messages reporting that the target is unavailable ("destination unreachable", RFC 4443).

    Source: opennet.ru