Taylor R Campbell <campbell+netbsd-tech-userle...@mumble.net> writes:
> Given that a large fraction of respondents (though not all) indicated
> that their primary use of telnet is to test reachability of a server
> or manually enter SMTP or HTTP requests over the internet -- a use
> which is adequately served by the much smaller and much more
> confidence-inspiring usr.bin/nc -- I think this _does_ constitute a
> serious danger that warrants the scrutiny it is getting.
>
> [*] Whether it can lead to arbitrary code execution, I don't know, and
> I'm not interested in studying further to find out; it doesn't
> take much to get arbitrary code execution, like a single null byte
> heap buffer overflow:
>
> https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html

If somebody knows the details of such a bug and wants to fix it, that
seems uncontroversial. But we don't seem to be talking about that.