Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

Buffer overflows in Sun libnsl allow root access.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

Buffer overflow in SGI IRIX mailx program.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Buffer overflow in statd allows root privileges.

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

DNS cache poisoning via BIND, by predictable query IDs.

Buffer overflow in SunOS/Solaris ps command.

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.