Critical GNU InetUtils Vulnerability Allows Unauthenticated Root Access Via \u201c-f root\u201d
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A critical remote authentication bypass<\/a> vulnerability has been disclosed in GNU InetUtils affecting the telnetd server component.<\/p>\n The flaw, reported by a security researcher on January 19, 2026, allows unauthenticated attackers to gain root access by exploiting improper input sanitization in the telnetd authentication mechanism.<\/p>\n The vulnerability stems from how telnetd invokes the login program. When a telnet client connects, telnetd receives a USER environment variable from the remote client and passes it directly to \/usr\/bin\/login without sanitization.<\/p>\n An attacker can craft a malicious<\/a> USER environment variable containing the string \u201c-f root\u201d, a parameter that login (1) interprets as a flag to bypass routine authentication procedures.<\/p>\n By sending a telnet connection<\/a> with the specially crafted USER environment variable using telnet\u2019s\u00a0-a\u00a0or\u00a0\u2013login\u00a0parameter.<\/p>\n An unauthenticated remote user bypasses the login authentication system entirely and gains immediate root-level access<\/a> to the system.<\/p>\n The vulnerability was inadvertently introduced during a code modification on March 19, 2015, and was included in GNU InetUtils version 1.9.3 released on May 12, 2015<\/p>\n \u00a0The flaw has persisted through all subsequent versions up to and including version 2.7. GNU InetUtils versions 1.9.3 through 2.7 are vulnerable. <\/p>\n According to OpenWall<\/a>, organizations running telnetd from GNU InetUtils should immediately assess their exposure. GNU maintainers recommend three approaches:<\/p>\n