It's possible to overflow buffer with AYT telnet protocol command.
vulners.com/securityvulns/securityvulns:doc:1852
vulners.com/securityvulns/securityvulns:doc:1874
vulners.com/securityvulns/securityvulns:doc:1909
vulners.com/securityvulns/securityvulns:doc:6843