Описание
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needed | |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | needed | |
| jammy | needed | |
| noble | needed | |
| questing | needed | |
| upstream | released | 2:2.7-3 |
Показывать по
Ссылки на источники
EPSS
7.4 High
CVSS3
Связанные уязвимости
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
telnetd in GNU inetutils through 2.7 allows privilege escalation that ...
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Уязвимость сервера telnetd пакета сетевых программ inetutils, позволяющая нарушителю повысить свои привилегии до уровня root
EPSS
7.4 High
CVSS3