I just threw up a blog post with all the relevant details (http://www.computerdefense.org/?p=258). Needless to say there's a new 0-day in the Solaris telnet daemon. It's rather simple to bypass and could be remotely exploited by my grandmother... If you're running telnet still.. Disable it.