GNU Inetutils 2.8 Security Update

A computer security forum focused on cybersecurity, system hardening, network protection, vulnerability analysis, privacy, and best practices for securing servers, applications, and infrastructure.
Forum rules
Post Reply
NetGuru
Posts: 37
Joined: Thu Apr 23, 2026 5:29 pm

GNU Inetutils 2.8 Security Update

Post by NetGuru »

GNU Inetutils 2.8: Security Update Fixes Telnet-Related Vulnerabilities

GNU has released Inetutils 2.8, a new stable version of its traditional networking utilities package.

Inetutils includes classic network tools and services such as:
  • telnet / telnetd
  • ftp / ftpd
  • inetd
  • rlogin / rsh / rexec
  • tftp
  • ping, traceroute, whois and others
The most important part of this release is security-related. According to the official release announcement, Inetutils 2.8 fixes several telnet and telnetd issues, including critical vulnerabilities affecting versions up to 2.7.

Important fixed vulnerabilities
  • CVE-2026-24061 – telnetd remote authentication bypass. A remote attacker could bypass login checks by abusing the USER environment variable.
  • CVE-2026-32746 – telnetd out-of-bounds write, potentially leading to remote code execution.
  • CVE-2026-28372 – privilege escalation related to environment variables and systemd service credentials.
The release also changes telnetd behavior so that environme…login to view the rest of this post
Top
Post Reply

Return to “Security”