time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

A buffer overflow in lsof allows local users to obtain root privilege.

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Buffer overflow of rlogin program using TERM environmental variable.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.