28th Jul 1999 [SBWID-218]
COMMAND
	    telnet
SYSTEMS AFFECTED
	    FreeBSD, OpenBSD
PROBLEM
	    Aaron Campbell posted the following.  FreeBSD PR/6317 notes a
	    problem in the telnet(1) client.  The -E option disables escape
	    characters entirely, so it is not supposed to be possible to
	    escape to the `telnet>' prompt.  However, if the -8 (binary)
	    option is specified to telnet as well (i.e., telnet -8E <host>),
	    sending a 0xFF character still causes the escape.  This could be
	    a security issue on systems that jail users in "canned"
	    environments (e.g., lynx-only freenet systems) but allow use of
	    the telnet client.  If the bug described above were present and
	    the conditions were right, a user might be able to escape to the
	    telnet> prompt and, for example, run shell commands using the `!'
	    mechanism.  Andrew Maltsev found it.
	    If you want to test this on your system, it can easily be done in
	    X.  Open an xterm and type: printf "\777\n" at the shell prompt.
	    Highlight and copy the strange character printed.  Now run
	    telnet -8E <host>, paste the character, and see if it escapes to
	    the prompt.  This might not work on all systems, but it worked
	    for some.
SOLUTION
	    FreeBSD fixed this and OpenBSD adopted the fix as well.  No idea
	    about the status of other operating systems.
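	    The following is an added example, not code from FreeBSD, OpenBSD
	    or the original post.  It is a simplified model of how a "disabled"
	    escape character can still match input once all eight bits are
	    passed through, next to a hardened check.  The root cause is not
	    stated above; the model assumes the disabled escape is stored as
	    the sentinel byte 0xFF, and all names in it are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ESC_DISABLED 0xFF  /* assumed sentinel meaning "-E: no escape character" */

struct client {
    unsigned char escape;  /* escape byte, or ESC_DISABLED */
    bool binary;           /* -8: pass all eight bits through */
};

/* Constructed sample input: "ls", one 0xFF byte, newline. */
static const unsigned char SAMPLE[] = { 'l', 's', 0xFF, '\n' };
static const struct client OPT_E  = { ESC_DISABLED, false };  /* models telnet -E  */
static const struct client OPT_8E = { ESC_DISABLED, true  };  /* models telnet -8E */

/* Flawed: compares input to the escape value without first asking
 * whether escapes are disabled, so the sentinel is matchable in-band. */
static bool is_escape_flawed(const struct client *c, unsigned char in)
{
    unsigned char sc = c->binary ? in : (unsigned char)(in & 0x7F);
    return sc == c->escape;
}

/* Hardened: a disabled escape never matches any input byte. */
static bool is_escape_fixed(const struct client *c, unsigned char in)
{
    unsigned char sc = c->binary ? in : (unsigned char)(in & 0x7F);
    return c->escape != ESC_DISABLED && sc == c->escape;
}

/* Count input bytes that would drop the user to the command prompt. */
size_t count_escapes(const struct client *c, const unsigned char *buf,
                     size_t n, bool fixed)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += fixed ? is_escape_fixed(c, buf[i]) : is_escape_flawed(c, buf[i]);
    return hits;
}

int main(void)
{
    printf("-E  flawed: %zu\n", count_escapes(&OPT_E,  SAMPLE, sizeof SAMPLE, false));
    printf("-8E flawed: %zu\n", count_escapes(&OPT_8E, SAMPLE, sizeof SAMPLE, false));
    printf("-8E fixed:  %zu\n", count_escapes(&OPT_8E, SAMPLE, sizeof SAMPLE, true));
    return 0;
}
```

	    In the model, 7-bit mode masks 0xFF down to 0x7F so it never equals
	    the sentinel, which is why only the -8E combination is affected.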
	
