Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
http://www.securityfocus.com/bid/866
http://www.securityfocus.com/bid/2354
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191