Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Remote access in AIX innd 1.5.1, using control messages.

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

Sendmail decode alias can be used to overwrite sensitive files.

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

AIX piodmgrsu command allows local users to gain additional group privileges.

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Various vulnerabilities in the AIX portmir command allows local users to obtain root access.

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Buffer overflow in AIX rcp command allows local users to obtain root access.

Buffer overflow in AIX libDtSvc library can allow local users to gain root access.

IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

AIX routed allows remote users to modify sensitive files.

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.