Sco ≫ Tcp Ip

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.