3 matches found
CVE-2022-39028
CVE-2022-39028 affects telnetd in GNU Inetutils up to 2.3 and MIT krb5-appl up to 1.0.3 (and derivatives). The issue is a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8, causing telnetd to crash; in typical installs the service stays up via inetd, but repeated crashes can render the telnet s...
CVE-2023-40303
CVE-2023-40303 relates to inetutils, where multiple set*id() return values were not checked in ftpd, rcp, rlogin, rsh, rshd, and uucpd, enabling potential local privilege escalation. Affected software: GNU inetutils (various Unix/Linux distros). Impact: privilege escalation if setuid/setgid/seteu...
CVE-2026-28372
CVE-2026-28372 affects telnetd in GNU inetutils up to version 2.7. The root cause is that login(1) in util-linux 2.40 added systemd service credentials support, enabling a local unprivileged user to influence the CREDENTIALS_DIRECTORY environment variable and create a login.noauth file, which can...