GNU inetutils 2.5 released with a fix for a vulnerability in suid applications

After 14 months of development, the GNU inetutils 2.5 suite has been released, a collection of network programs, most of them ported from BSD systems. In particular, it includes inetd and syslogd, servers and clients for ftp, telnet, rsh, rlogin, tftp and talk, as well as common utilities such as ping, ping6, traceroute, whois, hostname, dnsdomainname, ifconfig, logger, etc.

The new version fixes a vulnerability (CVE-2023-40303) in the suid programs ftpd, rcp, rlogin, rsh, rshd and uucpd, caused by a failure to check the values returned by the setuid(), setgid(), seteuid() and setegid() functions. The vulnerability can be used to create conditions in which a set*id() call does not reset privileges, so the application keeps running with elevated privileges and performs, under those privileges, operations that were originally meant to run with the rights of an unprivileged user. For example, the ftpd, uucpd and rshd processes, which run as root, will keep running as root after user sessions have started if set*id() fails.
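The missing check described above, written out as an added example (not code from inetutils or from the original article): a privilege drop that treats any set*id() failure as fatal and then confirms the resulting identity. The helper name `drop_privileges`, the `setgroups()` step and the demo `main` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not inetutils code): permanently switch to uid/gid.
 * Returns 0 only if every call succeeded AND the new identity is confirmed.
 * On -1 the process may be partly switched, so the caller must exit. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a privileged process may (and must) reset supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    /* Group first: once setuid() has succeeded it can no longer be changed. */
    if (setgid(gid) != 0) {
        perror("setgid");
        return -1;
    }
    /* The kind of return-value check the article says was missing. */
    if (setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    /* Do not trust the return codes alone: confirm the resulting identity. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* An unprivileged target must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids we already have, which works
     * with or without root. A daemon would pass the session user's ids. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

A caller that sees -1 should terminate the session rather than fall through to code written for the unprivileged user.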

In addition to fixing the vulnerability and minor bugs, the new version adds support for ICMPv6 messages reporting that the destination is unreachable ("destination unreachable", RFC 4443) to the ping6 utility.

Source: opennet.ru