Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
Buffer overflow in Solaris lpset program allows local users to gain root access.
Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.
Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.
Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
Buffer overflow in AIX writesrv command allows local users to obtain root access.
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
Solaris volrmmount program allows attackers to read any file.
Unauthorized privileged access or denial of service via dtappgather program in CDE.
Buffer overflow in AIX lchangelv gives root access.