Vacation program allows command execution by remote users through a sendmail command.

TCP RST denial of service in FreeBSD.

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

The rwho/rwhod service is running, which exposes machine status and user information.

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in FreeBSD lpd through long DNS hostnames.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.