In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
References 6
https://discuss.systems/@ricci/115747843169814700
cve@mitre.org
https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/
cve@mitre.org
https://www.spinellis.gr/blog/20251223/
cve@mitre.org
https://www.tuhs.org/pipermail/tuhs/2026-January/032991.html
cve@mitre.org
http://www.openwall.com/lists/oss-security/2026/03/20/6
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2026/03/21/4
af854a3a-2127-422b-91ae-364da2661108