Title:GNU Inetutils 参数注入漏洞 (CVE-2026-24061) Description:telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Description
GNU InetUtils telnetd 远程身份认证绕过漏洞(CVE-2026-24061),此漏洞主要影响 telnetd 在调用系统 /usr/bin/login 程序时,未对从客户端 USER 环境变量传入的用户名做过滤,直接拼接到 login 命令行。未经授权的远程攻击者可利用该缺陷,在无需任何口令的情况下直接获取目标主机的 root shell。
File Snapshot
None
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →