SCO Security Advisory – Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/37094/SCOSA-2005.21.txt
Source: https://packetstormsecurity.com/files/37094/SCOSA-2005.21.txt.html