| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. |
| Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. |
| IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets. |
| lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. |
| AIX techlibss allows local users to overwrite files via a symlink attack. |
| Denial of service in BIND named via malformed SIG records. |
| Buffer overflow in AIX libDtSvc library can allow local users to gain root access. |
| Buffer overflow in AIX writesrv command allows local users to obtain root access. |
| Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. |
| The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. |
| Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779. |
| rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. |
| dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges. |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. |
| Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| The rwho/rwhod service is running, which exposes machine status and user information. |
| AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. |
| Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. |
| Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. |
