Mastodawn

enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs

Show thread

divVerent

@0xabad1dea Exactly. I do run a "telnet" daemon, but it's not telnetd but my own meme thing. At

telnet rmpolzer.de 21576  # for TERM=linux (text console)
telnet rmpolzer.de 21577  # for TERM=xterm and similar

it doesn't even speak telnet protocol, and in fact, you can just use nc instead, or even curl -N http://rmpolzer.de:21577 is gonna work just as well.

So fun can be had without it. There is no need for the unencrypted backdoor service itself anymore.