Hi Justin, Justin Swartz <[email protected]> writes:
> Greetings, > > It appears the inetutils telnet client will unconditionally leak > requested environment variables to a server via the NEW-ENVIRON > option and the SEND ENV_USERVAR command. No explicit export is > required by the user. > > I sent a message [1] to the oss-security list today that contains > my findings regarding the inetutils telnet client, and a few other > leaky telnet client implementations. > > Regards, > Justin > > --- > > [1] https://www.openwall.com/lists/oss-security/2026/03/13/1 Thanks. I'll try to take a look at it this weekend. Collin
