chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.