Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6290
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html