traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Solaris | Sun | 10.0 (including) | 10.0 (including) |