abadidea2d ago
enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs
Show threadGlyph2d ago
@0xabad1dea do you have a specific example of such a legit need? I do not typically think of myself as “sheltered” but this one eludes me
Show threadChris Siebenmann

@glyph @0xabad1dea At least some of the rack PDUs in our machine room only support telnet access for remote power control and outlet configuration, not SSH.

(And even when things support SSH their embedded OS and SSH daemon may be so old that it only supports ancient SSH encryption modes that you need special tools for. We have some of those too.)

Mar 25 at 7:49pmWeb