On Thu Feb 5, 2026 at 10:55 AM CET, Alper Ak via lists.openembedded.org wrote:
> Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24061
>
> The vulnerability is about:
>
> The telnetd server invokes /usr/bin/login (normally running as root)
> passing the value of the USER environment variable received from the
> client as the last parameter.
>
> If the client supplies a carefully crafted USER environment value being
> the string "-f root", and passes the telnet(1) -a or --login parameter
> to send this USER environment to the server, the client will be
> automatically logged in as root bypassing normal authentication
> processes.
>
> This happens because the telnetd server does not sanitize the USER
> environment variable before passing it on to login(1), and login(1)
> uses the -f parameter to by-pass normal authentication.
>
> Signed-off-by: Alper Ak <[email protected]>
> ---
>  .../inetutils/CVE-2026-24061-01.patch | 38 +++++++++
>  .../inetutils/CVE-2026-24061-02.patch | 82 +++++++++++++++++++
>  .../inetutils/inetutils_2.7.bb | 2 +
>  3 files changed, 122 insertions(+)
>  create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
>  create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch

Hello Alper,

Thank you for the patch. Sorry but that patch was already sent a few days ago:
[PATCH] inetutils: patch CVE-2026-24061
https://lists.openembedded.org/g/openembedded-core/message/230248

... and that patch should merge shortly.

Regards,
--
Yoann Congal
Smile ECS
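
The kind of check the quoted description says telnetd lacked, as an added example that is not part of this thread and is not the upstream inetutils patch: a client-supplied USER value is handed to login(1) only if it cannot be read as an option or split into extra arguments. The helper names, the length limit and the choice to drop an unsafe value (so login prompts and authenticates normally) are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER_LEN 32   /* assumed limit for this example */

/* Hypothetical helper: 1 if `user` can only be read by login(1) as a
 * user name operand, 0 otherwise. */
int user_is_safe_for_login(const char *user)
{
    if (user == NULL || user[0] == '\0' || strlen(user) > MAX_USER_LEN)
        return 0;
    if (user[0] == '-')                   /* login(1) would parse it as an option */
        return 0;
    for (const unsigned char *p = (const unsigned char *)user; *p; p++)
        if (isspace(*p) || iscntrl(*p))   /* could split into extra arguments */
            return 0;
    return 1;
}

/* Fill argv (capacity 3) for exec'ing login; returns argc.
 * An unsafe USER is dropped, so login prompts for a name and authenticates. */
int build_login_argv(const char *login_path, const char *user, const char *argv[3])
{
    int argc = 0;
    argv[argc++] = login_path;
    if (user_is_safe_for_login(user))
        argv[argc++] = user;
    argv[argc] = NULL;
    return argc;
}

int main(void)
{
    /* Constructed sample values; "-f root" is the string quoted in the description. */
    const char *samples[] = { "alice", "-f root", "-froot", "alice -f root", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *argv[3];
        int argc = build_login_argv("/usr/bin/login", samples[i], argv);
        printf("USER=\"%s\" -> %s (argc=%d)\n", samples[i],
               argc == 2 ? "passed to login" : "dropped", argc);
    }
    return 0;
}
```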
