The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.
0.6.4 fixes this problem.
The only workaround for this bug is to not use the telnet client.
See also CAN-2005-0469