Mastodawn

enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs

Show thread

Glyph

@0xabad1dea do you have a specific example of such a legit need? I do not typically think of myself as “sheltered” but this one eludes me

Show thread

abadidea Mar 25

@glyph wander into any factory in the world and you'll find 30yo industrial machinery that's been running the same firmware the entire time and trying to fiddle with it is liable to end the business

Show thread

Emma needs ☕️ and paying work Mar 25

@0xabad1dea @glyph my wife had to use a robot driven from a computer running Windows 2000 to move samples out of an electron microscope.

That's not telnet, but is similar.

Show thread

Kevin Karhan

Mar 25

@emma @0xabad1dea @glyph I still know some stuff running MS-DOS!

Show thread

nick Mar 26

@kkarhan @emma @0xabad1dea @glyph yeah and not that newfangled dos 4.0 either ...

Show thread

Trammell Hudson Mar 25

@0xabad1dea @glyph I visited a semiconductor fab in Chippewa Falls in 2013 and was shocked to find that the production line also doubled as a retrocomputing museum with Sun 3 and VAX hardware still in operation.

Show thread

julf Mar 25

@th @0xabad1dea @glyph I assume the Cray was not operational any more?

Show thread

Bonkers Mar 25

@julf @th @0xabad1dea @glyph it is fully operational as a cozy bench, apparently.

Show thread

Trammell Hudson Mar 25

@julf that Cray XMP was a static display and no longer operational. my guess is they don't have anyone who can rewire it.

Show thread

julf Mar 25

@th Wow! They need a Jacquard loom...

Show thread

Andreas Sikkema Mar 25

@th I remember the days when SARA had a bench like that in the waiting area 😉

Show thread

Andrea (Drea) Tamar Pinski Mar 25

@glyph @0xabad1dea

I can think of one reason, terminal servers; though most serial terminals these days support ssh. Even the one I have support ssh; though I used telnet rather than ssh as it was out of habbit. Plus I was using it on my own local network only and never exported.

Show thread

SnoopJ Mar 25

@glyph @0xabad1dea a former employer of mine used (probably still uses to this day) telnet to talk to a domain-specific piece of software that was at the heart of their business, and which once upon a time was connected directly to glass teletypes.

Tweaking it usually caused more problems for the business than leaving it be (and had an eye-popping hourly billing rate), and a full upgrade to a "modern" solution would have been an appreciable capital outlay and risk to business continuity for very little feature gain aside from "the UI is now 100x worse because everything's squeezed through the browser"

(sure, we wrapped it in an SSH connection, but it was still telnet under the hood)

Show thread

Chris Siebenmann Mar 25

@glyph @0xabad1dea At least some of the rack PDUs in our machine room only support telnet access for remote power control and outlet configuration, not SSH.

(And even when things support SSH their embedded OS and SSH daemon may be so old that it only supports ancient SSH encryption modes that you need special tools for. We have some of those too.)