Disclosure Date: August 05, 2019 (last updated July 24, 2020)
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Disclosure Date: July 02, 2014 (last updated June 05, 2020)
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Disclosure Date: June 08, 2014 (last updated June 05, 2020)
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
Disclosure Date: July 18, 2013 (last updated July 30, 2020)
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 18.104.22.168-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Disclosure Date: May 08, 2014 (last updated June 05, 2020)
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.