cybersecurity

5463 readers

25 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

GNU InetUtils Security Advisory: remote authentication by-pass in telnetd (vulnerability.circl.lu)

submitted 4 days ago by cm0002@lemmings.world to c/cybersecurity

0 comments fedilink hide all child comments

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter. If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes. This happens because the telnetd server do not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to by-pass normal authentication. Severity: High Vulnerable versions: GNU InetUtils since version 1.9.3 up to and including version 2.7.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here