CyberSecurity News

Critical GNU InetUtils Flaw: Unauthenticated Vulnerability Allows

A critical remote authentication bypass vulnerability has been disclosed in GNU InetUtils, directly impacting its telnetd server component. The flaw, reported by a security researcher on January 19,...

Sarah simpson
Sarah simpson
January 21, 2026 2 Min Read
0 0

A critical remote authentication bypass vulnerability has been disclosed in GNU InetUtils, directly impacting its telnetd server component.

The flaw, reported by a security researcher on January 19, 2026, allows unauthenticated attackers to gain root access by exploiting improper input sanitization in the telnetd authentication mechanism.

The vulnerability stems from how telnetd invokes the login program. When a telnet client connects, telnetd receives a USER environment variable from the remote client and passes it directly to /usr/bin/login without sanitization.

An attacker can craft a malicious USER environment variable containing the string “-f root”, a parameter that login (1) interprets as a flag to bypass routine authentication procedures.

By sending a telnet connection with the specially crafted USER environment variable using telnet’s -a or –login parameter.

An unauthenticated remote user bypasses the login authentication system entirely and gains immediate root-level access to the system.

The vulnerability was inadvertently introduced during a code modification on March 19, 2015, and was included in GNU InetUtils version 1.9.3 released on May 12, 2015

 The flaw has persisted through all subsequent versions up to and including version 2.7. GNU InetUtils versions 1.9.3 through 2.7 are vulnerable.

According to OpenWall, organizations running telnetd from GNU InetUtils should immediately assess their exposure. GNU maintainers recommend three approaches:

Approach Description
Disable telnetd Turn off telnet due to insecurity (preferred)
Restrict access Allow only trusted clients
Upgrade software Apply patches by Eggert & Josefsson

This vulnerability demonstrates the persistent risks associated with legacy protocols like telnet.

 The authentication bypass allows complete system compromise with root privileges, making this a critical security threat for any system that exposes telnetd to untrusted networks.

Organizations should prioritize either updating GNU InetUtils or immediately turning off telnetd. The availability of patches means that delayed remediation significantly increases the risk of compromise.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitPatchSecurityThreatVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts