SCO : Security Vulnerabilities, CVEs,

MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Delete or create a file via rpc.statd, due to invalid information.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

DNS cache poisoning via BIND, by predictable query IDs.

Command execution in Sun systems via buffer overflow in the at program.

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Sendmail decode alias can be used to overwrite sensitive files.

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access.

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

SCO Doctor allows local users to gain root privileges through a Tools option.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.

UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.