Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
Summary: GNU InetUtils telnetd has a critical security vulnerability (CVE-2026-24061) affecting versions 1.9.3 through 2.7. An attacker can bypass authentication and obtain root privileges by setting the USER environment variable to "-f root". The flaw exists because the input is not sanitized, and 21 IP addresses have already been observed attempting to exploit it.

2026-01-22 16:30:00 Author: thehackernews.com

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years.

The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7.

"Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a '-f root' value for the USER environment variable," according to a description of the flaw in the NIST National Vulnerability Database (NVD).

In a post on the oss-security mailing list, GNU contributor Simon Josefsson said the vulnerability can be exploited to gain root access to a target system:

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supply [sic] a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.

This happens because the telnetd server do [sic] not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to by-pass normal authentication.


Josefsson also noted that the vulnerability was introduced in a source code commit made on March 19, 2015, which shipped in the version 1.9.3 release on May 12, 2015. Security researcher Kyu Neushwaistein (aka Carlos Cortes Alvarez) has been credited with discovering and reporting the flaw on January 19, 2026.

As mitigations, it's advised to apply the latest patches and restrict network access to the telnet port to trusted clients. As temporary workarounds, users can disable the telnetd server, or make the InetUtils telnetd use a custom login(1) tool that does not permit use of the '-f' parameter, Josefsson added.
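The second workaround above can be implemented as a thin wrapper installed in place of the login binary that telnetd invokes. The following POSIX sh script is an added example written for this article, not code from GNU InetUtils or from Josefsson's post. It refuses any argument beginning with "-f" (which covers the single "-f root" argument telnetd forwards from the client's USER variable, as described in the quoted mechanism above) and additionally requires the trailing username argument to look like a plain account name, then execs the real login. The path /usr/bin/login.real, the install location /usr/local/sbin/login and the use of logger(1) for the audit message are assumptions for the example.

```shell
#!/bin/sh
# Hypothetical login(1) wrapper for the InetUtils telnetd workaround: reject
# argument vectors that would put login into its -f (pre-authenticated) mode,
# otherwise hand off to the real login binary. REAL_LOGIN is an assumed path.
REAL_LOGIN="${REAL_LOGIN:-/usr/bin/login.real}"

# check_login_args: return 0 if every argument is acceptable, 1 otherwise.
# Rules:
#   * no argument may begin with "-f" ("-f", "-froot", or the single
#     argument "-f root" that telnetd passes through unsanitized from USER);
#   * the last argument (the username telnetd appends, or the -h hostname
#     when no USER was supplied) must not start with "-" and may contain
#     only account/hostname characters, so no whitespace or shell metachars.
check_login_args() {
    last=""
    for arg in "$@"; do
        case "$arg" in
            -f*) return 1 ;;
        esac
        last="$arg"
    done
    # An empty argument list is fine: login prompts for a name itself.
    [ $# -eq 0 ] && return 0
    case "$last" in
        -*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

main() {
    if ! check_login_args "$@"; then
        # Record the rejected vector for the SOC; logger(1) use is an assumption.
        logger -p auth.warning -t login-wrapper \
            "rejected login arguments from telnetd: $*" 2>/dev/null
        echo "Login incorrect" >&2
        exit 1
    fi
    exec "$REAL_LOGIN" "$@"
}

# Only act as the wrapper when executed under the name telnetd calls, e.g.
# installed as /usr/local/sbin/login (assumed path) with telnetd pointed at it.
case "$0" in
    */login|login) main "$@" ;;
esac
```

Because the wrapper rejects on the first "-f"-prefixed argument regardless of position, it also blocks the case where a client supplies a USER value that merely starts with "-f" followed by other text. The trailing-argument rule is deliberately permissive about ':' and '.' so that an IPv4/IPv6 client address passed via -h is not mistaken for an attack when no username is appended.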

Data gathered by threat intelligence firm GreyNoise shows that 21 unique IP addresses have been observed attempting to execute a remote authentication bypass attack by leveraging the flaw over the past 24 hours. All the IP addresses, which originate from Hong Kong, the U.S., Japan, the Netherlands, China, Germany, Singapore, and Thailand, have been flagged as malicious.



Source: https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html