Release of GNU inetutils 2.5 with a fix for a vulnerability in suid applications

After 14 months of development, the GNU inetutils 2.5 suite has been released. It is a collection of network programs, most of which were ported from BSD systems. In particular, it includes inetd and syslogd, servers and clients for ftp, telnet, rsh, rlogin, tftp and talk, as well as common utilities such as ping, ping6, traceroute, whois, hostname, dnsdomainname, ifconfig, logger, and so on.

The new version eliminates a vulnerability (CVE-2023-40303) in the suid programs ftpd, rcp, rlogin, rsh, rshd and uucpd, caused by the lack of checking of the value returned by the setuid(), setgid(), seteuid() and setguid() functions. The vulnerability can be used to create conditions in which a set*id() call fails to reset privileges, so the application continues to run with elevated privileges and performs, under those privileges, operations that were intended to run with the rights of an unprivileged user. For example, ftpd, uucpd and rshd processes running as root will continue to run as root after user sessions are started if set*id() fails.
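The difference between the unchecked and the checked privilege drop, as an added example (not code from inetutils or from the original article). The function names, the hook typedefs and the simulated failing `setuid()` are hypothetical and constructed for the demonstration; the target IDs are the process's own, so it runs without root. Supplementary groups are left out to keep the focus on return-value checking.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook types: let a failing set*id() call be simulated. */
typedef int (*setgid_fn)(gid_t);
typedef int (*setuid_fn)(uid_t);

/* Unchecked pattern: results discarded, so the caller carries on with
 * whatever IDs it already had if either call fails. */
static void drop_unchecked(uid_t uid, gid_t gid, setgid_fn sg, setuid_fn su)
{
    (void)sg(gid);
    (void)su(uid);
}

/* Checked pattern: gid first (once root is given up, setgid() is no
 * longer permitted), each return value tested, then the IDs verified.
 * Returns 0 only when the process really runs as uid/gid. */
static int drop_checked(uid_t uid, gid_t gid, setgid_fn sg, setuid_fn su)
{
    if (sg(gid) != 0 || su(uid) != 0)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* Constructed failure for the demo: setuid() may fail, e.g. with EAGAIN. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

int main(void)
{
    uid_t uid = getuid();   /* target = current IDs, so no root is needed */
    gid_t gid = getgid();
    drop_unchecked(uid, gid, setgid, failing_setuid);
    puts("unchecked: failure unnoticed, service would continue");
    if (drop_checked(uid, gid, setgid, failing_setuid) != 0)
        puts("checked: drop failed, caller must exit before running user code");
    return drop_checked(uid, gid, setgid, setuid) == 0 ? 0 : 1;
}
```

A daemon using the checked form treats a non-zero result as fatal and exits before handing control to the user's session.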

In addition to eliminating the vulnerability and minor bugs, the new version of the ping6 utility adds support for ICMPv6 messages with information about the unreachability of the target host ("destination unreachable", RFC 4443).

Source: opennet.ru
