inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.

sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

AIX piodmgrsu command allows local users to gain additional group privileges.

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Buffer overflow in AIX xdat gives root access to local users.

Buffer overflow in AIX rcp command allows local users to obtain root access.

Buffer overflow in AIX lchangelv gives root access.