Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.

The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.

Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.