Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
http://www.securityfocus.com/bid/207
http://www.iss.net/security_center/static/7442.php
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144