Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

SUN:00157 | URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157 | XF:sun-sysdef