Buffer overflow in AIX rcp command allows local users to obtain root access.
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
vold in Solaris 2.x allows local users to gain root access.
AIX passwd allows local users to gain root access.
AIX bugfiler program allows local users to gain root access.
Buffer overflow in AIX libDtSvc library can allow local users to gain root access.
AIX Licensed Program Product performance tools allow local users to gain root access.
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
Buffer overflow in AIX lquerylv program gives root access to local users.
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
The WorkMan program can be used to overwrite any file to get root access.
Buffer overflow in Solaris fdformat command gives root access to local users.
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
Buffer overflow in xlock program allows local users to execute commands as root.
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access.
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow that can be used to gain root access.
Command execution in Sun systems via buffer overflow in the at program.
Local users can start Sendmail in daemon mode and gain root privileges.
Buffer overflow in ffbconfig in Solaris 2.5.1.
Buffer overflow in AIX dtterm program for the CDE.
Buffer overflow in SunOS/Solaris ps command.
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
Buffer overflow in Sun's ping program can give root access to local users.
Various vulnerabilities in the AIX portmir command allow local users to obtain root access.
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
Buffer overflow in AIX xdat gives root access to local users.
Solaris ufsrestore buffer overflow.
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.
Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors.
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."