> Date: Sat, 15 Dec 2018 22:38:10 +0100 > From: Anders Magnusson <ra...@ludd.ltu.se> > > I'm pretty sure that all users of telnet know what the implications > are. If they don't then it doesn't matter whether it is in base or not.
One of the implications at the moment is that anyone on the internet between you and the remote host can crash your telnet client[*] with no user interaction beyond making a connection. This is _not_ the traditional and by now well-understood security problem of telnet that it has no secrecy or authentication. And cursory examination of the telnet code -- together with its origins in an era when the internet was a safe place -- does the opposite of inspiring confidence that this hole is isolated. Given that a large fraction of respondents (though not all) indicated that their primary use of telnet is to test reachability of a server or manually enter SMTP or HTTP requests over the internet -- a use which is adequately served by the much smaller and much more confidence-inspiring usr.bin/nc -- I think this _does_ constitute a serious danger that warrants the scrutiny it is getting. [*] Whether it can lead to arbitrary code execution, I don't know, and I'm not interested in studying further to find out; it doesn't take much to get arbitrary code execution, like a single null byte heap buffer overflow: https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html