Sun ≫ Sunos

The WorkMan program can be used to overwrite any file to get root access.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

vold in Solaris 2.x allows local users to gain root access.

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...

Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Delete or create a file via rpc.statd, due to invalid information.