Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

AIX cdmount allows local users to gain root privileges via shell metacharacters.

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.

AIX techlibss allows local users to overwrite files via a symlink attack.

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.

Denial of service in BIND named via naptr.

Denial of service in BIND named via malformed SIG records.