Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.

Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.

Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.

AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.

Vacation program allows command execution by remote users through a sendmail command.

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

Command execution in Sun systems via buffer overflow in the at program.

dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.