Freebsd ≫ Freebsd

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

A buffer overflow in lsof allows local users to obtain root privilege.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

Vacation program allows command execution by remote users through a sendmail command.