oss-sec mailing list archives
Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
From: Christian Fischer <christian.fischer () greenbone net>
Date: Thu, 22 Jan 2026 11:25:31 +0100
Hello, On 1/20/26 3:00 PM, Simon Josefsson wrote:
If someone can allocated a CVE, we will add it in future release notes.
it seems https://www.cve.org/CVERecord?id=CVE-2026-24061 got assigned by MITRE to this now:
> telnetd in GNU Inetutils through 2.7 allows remote authentication > bypass via a "-f root" value for the USER environment variable.
Current thread:
- GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Simon Josefsson (Jan 20)
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Alexander Bochmann (Jan 20)
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Jakub Wilk (Jan 21)
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Christian Fischer (Jan 22)
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Demi Marie Obenour (Jan 22)
- <Possible follow-ups>
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Paul Ducklin (Jan 28)
- Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Alexander Bochmann (Jan 20)