Here I am installing #telnetd on Debian in the laboratory... To test CVE-2026-24061.

#CVE_2026_24061

vagrant init debian/bookworm64
vagrant up
vagrant ssh

sudo bash
apt update
apt install inetutils-telnetd=2:2.4-2+deb12u1 inetutils-telnet=2:2.4-2+deb12u1
  • Edit /etc/inetd.conf to enable telnetd
  • systemctl restart inetutils-inetd
  • Check telnet is running (ss -tupln | grep :23)
  • Congratulations, you got yourself a system vulnerable to CVE-2026-24061!

    #CVE_2026_24061 #telnetd #vulnerability

    Exploitation is completely trivial...

    #CVE_2026_24061 #telnetd #vulnerability

    Any good, legitimate checker around for CVE-2026-24061?

    Exploitation is trivial, checking for the vulnerability, not so much.

    #CVE_2026_24061 #telnetd #vulnerability

    I've successfully tested the PoC in the #SafeBreach Labs GitHub repository. It seems like a good place to start to write a checker (if there isn't a good one).

    https://github.com/SafeBreach-Labs/CVE-2026-24061

    #CVE_2026_24061 #telnetd #vulnerability

    Unfortunately the PoC code cannot determine if the exploit ran successfully or not. If it doesn't, you just get a normal login shell. I wonder if Telnet even has a way to tell if the login was successful...

    Looking at how nmap does it... I guess the protocol doesn't include something in that regard 😅 expected from an old protocol.

    I conclude this because the telnet-brute.nse script just checks for a set of common strings to determine if the login was successful or not.

    #telnet #nmap
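Added example, not part of the original thread and not nmap's code: a sketch of the string-matching approach described above, which strips Telnet option negotiation (RFC 854) from a captured session and then classifies what the server last displayed. The regular expressions and the sample captures are constructed for illustration and are assumptions, not the patterns used by telnet-brute.nse.

```python
import re

IAC, SE, SB, WILL, DONT = 255, 240, 250, 251, 254  # RFC 854 command bytes

def strip_telnet(data: bytes) -> bytes:
    """Drop Telnet negotiation sequences and return only the displayed text."""
    out, i, n = bytearray(), 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= n:
            break                      # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped literal 0xFF
            i += 2
        elif WILL <= data[i + 1] <= DONT:
            i += 3                     # IAC WILL/WONT/DO/DONT <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2   # skip subnegotiation up to IAC SE
        else:
            i += 2                     # any other two-byte command
    return bytes(out)

# Constructed heuristics (assumption): the protocol has no "login succeeded" signal.
FAILED = re.compile(r"incorrect|failed|denied|invalid", re.I)
PROMPT = re.compile(r"(login|username|password)\s*:\s*$", re.I)
SHELL = re.compile(r"[#$>]\s*$")

def classify(capture: bytes) -> str:
    """Decide from the last non-empty line; the MOTD may itself contain 'failed'."""
    text = strip_telnet(capture).decode("latin-1").replace("\x00", "")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return "unknown"
    if PROMPT.search(lines[-1]):
        return "failed" if FAILED.search(text) else "login-prompt"
    return "shell" if SHELL.search(lines[-1]) else "unknown"

# Constructed sample captures, not taken from a real session.
BANNER = b"\xff\xfd\x18\xff\xfa\x18\x01\xff\xf0\r\nDebian GNU/Linux 12\r\nbookworm login: "
REJECTED = b"Password: \r\nLogin incorrect\r\nbookworm login: "
LOGGED_IN = b"There was 1 failed login attempt.\r\nvagrant@bookworm:~$ "

if __name__ == "__main__":
    for name, cap in (("banner", BANNER), ("rejected", REJECTED), ("logged in", LOGGED_IN)):
        print(name, "->", classify(cap))
```

A custom shell prompt or a localized failure message defeats these patterns, which is the weakness of any string-based check over Telnet.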

    Well... I dusted off my #Linux #expect knowledge and created something very basic to at least get some results I can analyse later.