Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Command execution in Sun systems via buffer overflow in the at program.

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow in Solaris fdformat command gives root access to local users.

NFS cache poisoning.

Buffer overflow of rlogin program using TERM environmental variable.