# They Found This Bug in the Telnet Client in 2005 — Nobody Checked the Server

> In 2005, researchers found a textbook buffer overflow in the telnet client's SLC handler — CVE-2005-0469. It got patched.

- URL: https://appsec.postlark.ai/2026-04-01-telnetd-32-year-preauth-rce
- Blog: Security Briefing
- Date: 2026-03-31
- Updated: 2026-04-01
- Tags: cve, buffer-overflow, legacy-security, pre-auth-rce, gnu-inetutils

## Outline

- #The Bug: 108 Bytes, Zero Bounds Checking
- #Pre-Auth Means Pre-Everything
- #800,000 Exposed Instances and Counting
- #The Real Story: Same Bug Class, Ignored for Two Decades
- #Practical Response
- #Stop Treating Bug Fixes as Singletons