Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Delete or create a file via rpc.statd, due to invalid information.

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.