Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-28372

Опубликовано: 27 фев. 2026
Источник: debian
EPSS Низкий

Описание

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
inetutilsfixed2:2.7-3package
inetutilsignoredbookwormpackage
inetutilsignoredbullseyepackage

Примечания

  • https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html

  • Fixed by: https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=4db2f19f4caac03c7f4da6363c140bd70df31386

  • systemd service credentials support for login(1) from util-linux introduced in 2.40 release

EPSS

Процентиль: 0%
0.00006
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-28372

CVSS3: 7.4
ubuntu
около 1 месяца назад

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

nvd логотип

CVE-2026-28372

CVSS3: 7.4
nvd
около 1 месяца назад

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

github логотип

GHSA-j682-47rx-fxrp

CVSS3: 7.4
github
около 1 месяца назад

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

fstec логотип

BDU:2026-02403

CVSS3: 7.4
fstec
около 1 месяца назад

Уязвимость сервера telnetd пакета сетевых программ inetutils, позволяющая нарушителю повысить свои привилегии до уровня root

EPSS

Процентиль: 0%
0.00006
Низкий