GNU inetutils telnetd allows local privilege escalation

Summary

An unprivileged local user can exploit a vulnerability in GNU inetutils telnetd to gain elevated privileges on a system. This is possible by creating a specific file in a directory that telnetd uses to authenticate users. To mitigate this risk, ensure that telnetd is not running with elevated privileges and consider disabling it if not necessary for your system.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
gnu	inetutils	<= 2.7	–

Original title

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2...

Original description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

nvd CVSS3.1 7.8

Vulnerability type

CWE-829

https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=3953943d829631... Patch
https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html Exploit Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00012.html Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2026/02/24/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/02/27/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/03/06/2
http://www.openwall.com/lists/oss-security/2026/03/06/3
http://www.openwall.com/lists/oss-security/2026/03/07/1
http://www.openwall.com/lists/oss-security/2026/03/07/2