Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow in Solaris fdformat command gives root access to local users.

NFS cache poisoning.

Buffer overflow of rlogin program using TERM environmental variable.

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Delete or create a file via rpc.statd, due to invalid information.

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.