At least one vendor has chosen to include a new /bin/login with their telnetd patch. At least one vendor is shipping a patch with a new telnetd, but without a new /bin/login. I gather another advisory may be forthcoming for another, related hole, this time in /bin/login. Can somebody name that hole?