abadidea2d ago
enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs
Show threadGlyph2d ago
@0xabad1dea do you have a specific example of such a legit need? I do not typically think of myself as “sheltered” but this one eludes me
Show threadSnoopJ

@glyph @0xabad1dea a former employer of mine used (probably still uses to this day) telnet to talk to a domain-specific piece of software that was at the heart of their business, and which once upon a time was connected directly to glass teletypes.

Tweaking it usually caused more problems for the business than leaving it be (and had an eye-popping hourly billing rate), and a full upgrade to a "modern" solution would have been an appreciable capital outlay and risk to business continuity for very little feature gain aside from "the UI is now 100x worse because everything's squeezed through the browser"

(sure, we wrapped it in an SSH connection, but it was still telnet under the hood)

Mar 25 at 7:06amWeb