|
|
|
|
|
|
by est
132 days ago
|
|
|
> a mountain of legacy and they are fine. telnetd CVE-2026-24061. It's embarrassingly simple exploit but took years to be discovered. > When telnetd invokes /usr/bin/login, it passes the USER value directly. If an attacker sets USER=-f root and connects using telnet -a or --login, the login process interprets -f root as a flag to bypass authentication, granting immediate root shell access. |
|
|