TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Exploit-DB

[local] GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation

2026-04-29 · Read original ↗

ATT&CK techniques detected

4 predictions
T1068Exploitation for Privilege Escalation
96%
"[ local ] gnu inetutils 2. 6 - telnetd remote privilege escalation gnu inetutils 2. 6 - telnetd remote privilege escalation # exploit title : gnu inetutils telnetd - remote privilege escalation # date : 2026 - 01 - 24 # exploit author : ali guliyev ( infat0x ) # author github : h…"
T1190Exploit Public-Facing Application
88%
"##net _ stream ( raw _ data, sock, user _ payload ) if display _ data : sys. stdout. buffer. write ( display _ data ) sys. stdout. buffer. flush ( ) except ( connectionreseterror, brokenpipeerror ) : pass finally : print ( " \ n [ * ] connection closed. " ) def main ( ) : parser …"
T1190Exploit Public-Facing Application
84%
". 7 - 2 is vulnerable to authentication bypass via environment variable injection. by passing a crafted user environment variable ( e. g., " - f root " ) during the telnet new - environ subnegotiation, an attacker can force the login process to grant a root shell without requirin…"
T1190Exploit Public-Facing Application
53%
"" " if cmd = = do and opt = = new _ environ : # agreement to use the environment variable passing option sock. sendall ( bytes ( [ iac, will, new _ environ ] ) ) elif cmd = = do : # refuse other options for simplicity sock. sendall ( bytes ( [ iac, wont, opt ] ) ) elif cmd = = wi…"

Summary

GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation