Description
In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-03-13
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Isolate
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the su command of UNIX Fourth Research Edition (v4). A password input longer than the 100-byte limit overruns the fixed-size buffer on the stack, allowing an attacker to overwrite return addresses and execute arbitrary code with the privileges of the su command. The result is that a local user can gain root authority on the affected system.
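To make the bug class concrete, the following is an added C example written for this page; it is not the UNIX v4 su source, which the page does not reproduce. It contrasts the unbounded read into a fixed 100-byte buffer that CWE-120 describes (kept as a comment so the file stays safe to run) with a bounded reader that refuses over-long input rather than truncating it. The function and macro names, the enum, and the sample inputs are assumptions; only the 100-byte size comes from the CVE description.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Capacity of the fixed-size password buffer named in the CVE description.
 * The macro name is an assumption; only the size (100 bytes) is from the page. */
#define PASSWORD_BUF 100

/* Outcome of reading a password candidate (hypothetical enum, not from su). */
enum pw_status { PW_OK = 0, PW_EMPTY = 1, PW_TOO_LONG = 2 };

/*
 * The pattern behind CWE-120, shown as a comment only: the copy loop knows
 * nothing about the buffer size, so input of 100 bytes or more runs past
 * `password` into whatever the stack holds next.
 *
 *     char password[PASSWORD_BUF];
 *     for (p = password; (c = getchar()) != '\n'; )   // no bound check
 *         *p++ = c;
 *     *p = '\0';
 */

/* Bounded replacement: copy one line from `src` into `dst` (capacity dstsz).
 * Stops at '\n' or NUL, never writes past dstsz, and refuses input that would
 * not leave room for the terminating NUL instead of silently truncating it
 * (a truncated password could still compare equal by accident). */
enum pw_status read_password_bounded(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;

    if (dstsz == 0)
        return PW_TOO_LONG;

    while (src[n] != '\0' && src[n] != '\n') {
        if (n + 1 >= dstsz) {          /* byte n would leave no room for NUL */
            dst[0] = '\0';             /* do not leave a partial copy behind */
            return PW_TOO_LONG;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return n == 0 ? PW_EMPTY : PW_OK;
}

/* Convenience wrapper with a stack buffer of the CVE's size, so callers
 * only need to pass the candidate input. */
enum pw_status check_candidate(const char *src)
{
    char password[PASSWORD_BUF];
    return read_password_bounded(src, password, sizeof password);
}

/* Build a constructed test input of n 'a' characters (capped below 256). */
const char *repeat_a(size_t n)
{
    static char scratch[256];
    if (n >= sizeof scratch)
        n = sizeof scratch - 1;
    memset(scratch, 'a', n);
    scratch[n] = '\0';
    return scratch;
}

int main(void)
{
    static const char *names[] = { "ok", "empty", "too long" };
    size_t lens[] = { 0, 1, 99, 100, 150 };

    printf("\"hunter2\\n\" -> %s\n", names[check_candidate("hunter2\n")]);
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%3zu x 'a' -> %s\n", lens[i],
               names[check_candidate(repeat_a(lens[i]))]);
    return 0;
}
```

With a 100-byte buffer, the longest password that can be stored with its terminator is 99 bytes; the bounded reader accepts exactly that and rejects 100 or more, which is the boundary the unbounded loop never checks.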

Affected Systems

The affected vendor is AT&T Bell Labs, specifically the UNIX operating system in its Fourth Research Edition. The CVE description explicitly identifies this version as v4 and notes that it is no longer maintained or supported.

Risk and Exploitability

The CVSS score of 7.4 denotes high severity, while an EPSS score of less than 1% indicates that exploitation is unlikely in the wild. The flaw is not listed in the CISA KEV catalog. The likely attack vector is a local user running the su command on a machine still operating UNIX v4. Because no patch exists, the primary risk mitigation is to restrict local access or migrate away from the obsolete platform.

Generated by OpenCVE AI on March 22, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify all systems running AT&T Bell Labs UNIX Fourth Research Edition and isolate them from network and local connections where feasible
  • If su is not required for operations, disable or remove it from the system
  • Migrate remaining installations to a supported, modern operating system to eliminate the vulnerability

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 13:45:00 +0000

Type: Title
Values Added: Buffer Overflow in UNIX su Command Enables Local Privilege Escalation

Sat, 21 Mar 2026 22:15:00 +0000

Type: Description
Values Removed: In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.
Values Added: In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Sat, 21 Mar 2026 19:30:00 +0000

Type: References

Sat, 21 Mar 2026 05:30:00 +0000

Type: References

Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Added: At&t Bell Labs; At&t Bell Labs unix
Type: Vendors & Products
Values Added: At&t Bell Labs; At&t Bell Labs unix

Fri, 13 Mar 2026 20:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 19:15:00 +0000

Type: Description
Values Removed: In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.
Values Added: In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.

Fri, 13 Mar 2026 18:45:00 +0000

Type: Description
Values Added: In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments.
Type: Weaknesses
Values Added: CWE-120
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

At&t Bell Labs Unix
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-21T22:00:54.839Z

Reserved: 2026-03-13T18:38:07.187Z

Link: CVE-2025-71263

Vulnrichment

Updated: 2026-03-21T19:07:38.428Z

NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:53.983

Modified: 2026-03-21T22:16:18.207

Link: CVE-2025-71263

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:25Z

Weaknesses