One would assume that most LWN readers stopped running network-accessible telnet services some number of decades ago. For the rest of you, this security advisory from
Simon Josefsson is worthy of note:
The telnetd server invokes /usr/bin/login (normally running as
root) passing the value of the USER environment variable received
from the client as the last parameter.
If the client supplies a carefully crafted USER environment value
being the string "-f root", and passes the telnet(1) -a or --login
parameter to send this USER environment to the server, the client
will be automatically logged in as root bypassing normal
authentication processes.
https://lwn.net/Articles/1055213/