Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

FreeBSD mmap function allows users to modify append-only or immutable files.

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.