genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.

Buffer overflow in AIX ftpd in the libc library.

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

Denial of service in AIX ptrace system call allows local users to crash the system.

Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.

AIX infod allows local users to gain root access through an X display.