Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

A buffer overflow in lsof allows local users to obtain root privilege.

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

The open() function in FreeBSD allows local attackers to write to arbitrary files.

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.