Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.
Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command.
Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges.
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
Buffer overflow in Solaris dtprintinfo program.
Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory.
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
Solaris ufsrestore buffer overflow.
fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
Solaris volrmmount program allows attackers to read any file.
root privileges via buffer overflow in eject command on SGI IRIX systems.
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
SGI permissions program allows local users to gain root privileges.
Buffer overflows in Sun libnsl allow root access.