On a machine with Red Hat Linux 5.1 for i386 and all
the updated RPMs, I see the following:
[mybox] ~ > cat .telnetrc
default environ undefine USER
default set flushoutput off
[mybox] ~ > telnet mybox
flushoutput character is 'off'.
Connected to mybox.
Escape character is '^]'.
Dec 1 12:52:59 mybox telnetd: ttloop: read: Broken
It works fine when removing the ~/.telnetrc file.
It works also fine on other UNIXes including (but I'm not
100% sure) Red Hat Linux 4.1.
This has been verified to be a bug. It occurs on systems later than
5.0. It only occurs if the first line is present. I comment it out and
the problem did not occur.
The segfault is actually in telnet, not telnetd.
Fixed (by scrapping the netkit telnet in favor of an OpenBSD client)