The list makes sense because those are the kinds of things that an externally facing Unix host is likely to be running. You don't see things like LDAP, NIS+, SMC and the like because only a Kamikaze SysAdmin would ever let those kinds of services in the DMZ.

I would agree with MsMittens and suggest in addition that any machines patched up to date are unlikely to be exploitable save perhaps poor or neglegent configuration... Which is usually the real underlying problem with a vulnerable DNS, Sendmail, Apache, etc. server.

For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.

-- spurious

Note that the Raq3 and above Linux web servers that are so popular with low-end hosting companies have good security records by comparison, despite running a 2.2 Kernel, and older versions of about every package.... Point is that a well configured system is half the battle!