Georgi Guninski Security Advisory #56, 2002 - It is possible to inject user-supplied input into file descriptors 0 through 2, which in some cases (for example if the user is permitted to do su) leads to local root compromise. Includes C code which checks if your system is vulnerable.
5f384a32d95069e2a59cd9ac291811139c17cd24f6fb6bf2e1c41c048807c9f3
FreeBSD Security Advisory FreeBSD-SA-02:34 - All releases of FreeBSD up to and including 4.6.1-RELEASE-p5 contain an error in the calculation of memory needed for unpacking arrays in the SunRPC XDR decoder, which results in a remotely exploitable heap overflow. Many RPC services are vulnerable, including NFS, the NIS server, rpc.statd and more.
76e33d674df2b311946bde6ac0d5ff86ca20d3bb6258a997eb245cdc6ed93f56
KDE 2/3 artsd 1.0.0 local root exploit proof of concept. Artsd is not suid - exploit written for practice.
63ef555eeac80b7d7bbeafa9a3ab3f506a639c7134188c6267fce0f2f4d197db
IMAP4rev1(lsub) remote exploit. Tested against v12.264, 12.250, 11.241, and 10.223. Requires username and password. Includes offsets for Red Hat and Slackware.
fab9c3c9f5c88eb5ccef31cc210a623985245fd8043724121dc1b172c2b35492
Packet Storm new exploits for July, 2002.
d8eec74c4a639b0dfe04e9dca80d7c5f56c303ee564a8c41a2c7e6be00a63c10
FreeBSD Security Advisory FreeBSD-SA-02:32 - The pppd program shipped with all releases of FreeBSD up to and including 4.6.1-RELEASE-p1 contains a race condition which can be exploited by local users to change the permissions of any file.
f09d3294360258453f1ac13605ed545115ba18426a55d3487333f205af45c75f