{"id":"UBUNTU-CVE-2026-28372","details":"telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.","modified":"2026-03-05T12:29:35Z","published":"2026-02-27T06:18:00Z","upstream":["CVE-2026-28372"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-28372"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2026-28372"},{"type":"REPORT","url":"https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00000.html"},{"type":"REPORT","url":"https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=3953943d8296310485f98963883a798545ab9a6c"},{"type":"REPORT","url":"https://lists.gnu.org/archive/html/bug-inetutils/2026-02/msg00012.html"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2026/02/24/1"}],"affected":[{"package":{"name":"inetutils","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:1.9.2-1ubuntu0.1~esm2?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1.9.1.306-0a482-1","2:1.9.1.363-bbc1-1","2:1.9.2-1","2:1.9.2-1ubuntu0.1~esm1","2:1.9.2-1ubuntu0.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-ftp"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-ftpd"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-inetd"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-ping"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-syslogd"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-talk"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-talkd"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-telnet"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-telnetd"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-tools"},{"binary_version":"2:1.9.2-1ubuntu0.1~esm2","binary_name":"inetutils-traceroute"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:1.9.4-1ubuntu0.1~esm5?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1.9.4-1","2:1.9.4-1build1","2:1.9.4-1ubuntu0.1~esm1","2:1.9.4-1ubuntu0.1~esm2","2:1.9.4-1ubuntu0.1~esm3","2:1.9.4-1ubuntu0.1~esm5"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-ftp"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-ftpd"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-inetd"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-ping"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-syslogd"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-talk"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-talkd"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-telnet"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-telnetd"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-tools"},{"binary_version":"2:1.9.4-1ubuntu0.1~esm5","binary_name":"inetutils-traceroute"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:1.9.4-3ubuntu0.1+esm4?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1.9.4-2build1","2:1.9.4-3","2:1.9.4-3ubuntu0.1","2:1.9.4-3ubuntu0.1+esm1","2:1.9.4-3ubuntu0.1+esm2","2:1.9.4-3ubuntu0.1+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-ftp"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-ftpd"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-inetd"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-ping"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-syslogd"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-talk"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-talkd"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-telnet"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-telnetd"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-tools"},{"binary_version":"2:1.9.4-3ubuntu0.1+esm4","binary_name":"inetutils-traceroute"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:1.9.4-11ubuntu0.2+esm3?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1.9.4-10build1","2:1.9.4-11","2:1.9.4-11ubuntu0.1","2:1.9.4-11ubuntu0.1+esm1","2:1.9.4-11ubuntu0.2","2:1.9.4-11ubuntu0.2+esm1","2:1.9.4-11ubuntu0.2+esm3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-ftp"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-ftpd"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-inetd"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-ping"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-syslogd"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-talk"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-talkd"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-telnet"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-telnetd"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-tools"},{"binary_version":"2:1.9.4-11ubuntu0.2+esm3","binary_name":"inetutils-traceroute"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:2.2-2ubuntu0.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:2.0-1","2:2.2-2","2:2.2-2ubuntu0.1","2:2.2-2ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-ftp"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-ftpd"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-inetd"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-ping"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-syslogd"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-talk"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-talkd"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-telnet"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-telnetd"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-tools"},{"binary_version":"2:2.2-2ubuntu0.2","binary_name":"inetutils-traceroute"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/inetutils@2:2.5-3ubuntu4.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:2.4-2ubuntu2","2:2.4-3ubuntu1","2:2.5-3ubuntu1","2:2.5-3ubuntu3","2:2.5-3ubuntu4","2:2.5-3ubuntu4.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-ftp"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-ftpd"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-inetd"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-ping"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-syslogd"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-talk"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-talkd"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-telnet"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-telnetd"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-tools"},{"binary_version":"2:2.5-3ubuntu4.1","binary_name":"inetutils-traceroute"},{"binary_version":"0.17+2.5-3ubuntu4.1","binary_name":"telnet"},{"binary_version":"0.17+2.5-3ubuntu4.1","binary_name":"telnetd"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}},{"package":{"name":"inetutils","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/inetutils@2:2.6-1ubuntu3.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:2.5-6ubuntu1","2:2.6-1ubuntu1","2:2.6-1ubuntu3","2:2.6-1ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-ftp"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-ftpd"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-inetd"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-ping"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-syslogd"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-talk"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-talkd"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-telnet"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-telnetd"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-tools"},{"binary_version":"2:2.6-1ubuntu3.1","binary_name":"inetutils-traceroute"},{"binary_version":"0.17+2.6-1ubuntu3.1","binary_name":"telnet"},{"binary_version":"0.17+2.6-1ubuntu3.1","binary_name":"telnetd"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28372.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}