Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
online.securityfocus.com/archive/1/270122
www.esecurityonline.com/advisories/eSO2397.asp
www.iss.net/security_center/static/8954.php
www.iss.net/security_center/static/8955.php
www.securityfocus.com/bid/4624
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68