Lingering Vulnerability In Telnetd Found

A recently discovered vulnerability in the GNU InetUtils telnetd server has just been revealed. The bug allows a user to obtain root access by passing in a simple environment variable.

Though recently revealed, the bug has been in the code since 2015.

“Do not run a telnetd server at all.” advises Simon Joseffson, one of the patch submitters.

About NoVaLUG

The Northern Virginia Linux Users Group (NoVaLUG)

We are a curious, informal, and friendly mix of IT professionals, hobbyists, students, and others with an interest in Linux, Free and Open Source software, and open knowledge. The Northern Virginia Linux Users Group (NoVaLUG) is the oldest LUG in the Northern VA area and likely in the whole of US, established in 1993.

Obtaining an Account

Accounts on this server are limited to members of NoVaLUG. To get an invite link, you must do one of the following:

Ask for a link at one of our meetings.
Send a message on our mailing list asking for a link.
Request an invite link in our Signal chat group.

Service Information

Users on this server may be referred to with the novalug.org domain name (e.g. "foo@novalug.org" or "@foo@novalug.org"). However, when using URLs, the full hostname of akk.novalug.org must be used (e.g. "https://akk.novalug.org/foo").

To use this server with other clients, such as mobile apps, use the full host name of akk.novalug.org.

If you prefer the "classic" Mastodon UI, go here.

Code of Conduct

Our rules are simple.

Be kind, be courteous.
No porn.
No spam.
No harassment.
No illegal behavior.
Users must be 13 years of age or older.

We reserve the right to reject, delete, moderate and take any other action necessary. Simply put, don't be a jerk!