			  librpc vuls, Sun 5.5.1


authdes_seccreate()  | U | 88 | auth_des.c | 
                       calls getpublickey() with an argument 
                       getpublickey() == publickey.c, line 421 calls
                       getkeys_nis(). getkys_nisplus() is NOT vul

rpc_broadcast_exp() | D | 149 | clnt_bcast.c | 
                      overflows buffer with place where "tcp" or "udp"
                      goes. vul unlikely.. only if they are, for example,
                      given the option to provide type (like "tcp" or
                      "udp") and they enter "AAA..". wont happen with
                      daemons.. just possible suid rpc programs (unlikely)

authdes_create() | U | 568 | rpc_soc.c |
                   calls authdes_seccreate() (see above). vul at bottom of
                   the func.. unlikely to make it all the way to it

rpc_broadcast() | U | 563 | clnt_bcast.c |
                  calls rpc_broadcast_exp() (see above). at the top of
                  this function.. so the possibility of exploiting is
                  the same as rpc_broadcast_exp().

clnt_create_timed() | D | 128 | clnt_generic.c |
		      exact same vul and probability as rpc_broadcast_exp().


host2netname() | D | 462, 476 | netname.c |
                 some DNS type overflows.. the probability of exploiting 
                 this is probably quite high
getnetname() | U | 301 | netname.c | 
                   calls host2netname() (see above).. same probability

clnt_create() | U | 110 | clnt_generic.c |
                calls clnt_create_timed() (see above).. same probability

rpc_call() | D | 65 | clnt_simple.c |
	     exact same problem as rpc_broadcast_exp() see above.. same
             probability

authdes_pk_seccreate() | U | 110 | auth_des.c |
                         calls getnetname().. at top.. pretty likely
                         to be exploitable
