Critical GNU InetUtils Vulnerability Allows Unauthenticated Root Access Via “-f root”

A critical authentication-bypass flaw in GNU InetUtils' telnetd (introduced in version 1.9.3 and present through 2.7) allows unauthenticated remote attackers to gain immediate root by passing a crafted USER environment variable (such as "-f root") to /usr/bin/login; organizations are advised to disable telnetd, restrict access, or apply vendor patches immediately.