Buffer overflow on large name= request. Heap overflow in TTYPROMPT is trivially exploitable with remote root compromise.
vulners.com/securityvulns/securityvulns:doc:2260
vulners.com/securityvulns/securityvulns:doc:2751
vulners.com/securityvulns/securityvulns:doc:3565