| 6! | IBM AIX rpc.cmsd buffer overflow
updated since 09.10.2009
|
 | | Buffer overflow on RPC request parsing. |
| 6! | IBM AIX libc privilege escalation
|
| | It's possible to maniuplate files via _LIB_INIT_DBG and _LIB_INIT_DBG_FILE environment variables for suid applications. |
| 6! | ToolTalk rpc.ttdbserverd buffer overflow
|
| | Buffer overflow in _tt_internal_realpath RPC procedure. |
| 6! | IBM AIX symbolic links vulnerability
|
| | Symbolic links vulnerability in libc dynamic memory debugging functionality. |
| | IBM AIX muxatmd buffer overflow
|
| | Buffer overflow with overszied calling program name. |
| | IBM AIX pioout utility buffer overflow |
| | | |
| 7! | IBM AIX multiple utilities vulnerabilities
|
| | Security vulnerabilities in bellmail, ftp, lquerypv, lqueryvg, dig, crontab, swcons. |
| 6! | IBM AIX utilities multiple security vulnerabilities
|
| | Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture. |
| | IBM AIX libodm buffer overflow
|
| | Buffer overflow on ODMPATH environment variable parsing. |
| | IBM AIX drmgr DoS |
| | | |
| | AIX lsmcode privilege escalation
updated since 30.05.2006
|
| | User's environment variable is used to launch external application. |
| | IBM AIX buffer overflow |
| | | |
| | IBM
|
| | Buffer overflow in bos.rte.libc library. |
| 6! | IBM AIX POP3 and IMAP daemons authentication problem |
| | | |
| 8! | Unzuthorized file access via file stdio decriptors in multiple Unix systems
updated since 22.04.2002
|
| | By exhausting all file descriptors and closing stderr it's possible to causesituation called application will open new file with descriptor 2 and all stderr output will be redirected to file. In few systems it's enougth to close standard descriptor. |
| | IBM AIX ftpd DoS |
| | | |
| 6! | IBM AIX utilities multiple security vulnerabilities
updated since 26.09.2006
|
| | Xclock buffer overflow; utape, cfgmgr, rdist, uucp, snappd, named8 and mkvg privilege escalation; slip.login and Inventory Scout arbitrary file overwrite. |
| | IBM AIX dtterm privilege escalation |
| | | |
| | AIX mpvg privilege escalation
|
| | External applications are executed with relative path. |
| | IBM AIX setlocale() privilege escalation |
| | | |
| | AIX mklvcopy vulnerability
updated since 16.03.2006
|
| | Insecure external application execution by relative path. |
| | Privilege escalation in IBM AIX rm_mlcache_file with file overwrite
updated since 18.04.2006
|
| | Race conditions on temporary file creation. |
| 6! | Multiple AIX multiple vulnerabilities
updated since 16.12.2005
|
| | Buffer overflow in heap debugging, buffer overflows in muxatmd, slocal, file access privilege escalation in getShell and getCommand. |
| | AIX getconf buffer overflow |
| | | |
| 6! | ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
|
| | By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease. |
| 6! | Multiple AIX privilege escalations
|
| | invscout, diagTasksWebSM, getlvname utilities buffer overflows. |
| | Multiple IBM AIX utilities bugs
|
| | Buffer overflow, privilege escalation: ipl_varyon, lspath, netpmon. |
| | IBM AIX auditselect format string bug
|
| | Buffer overflow on parsing command line argument. |
| 6! | Multiple AIX bugs
updated since 21.12.2004
|
| | lsmcode, diag_exec, invscout, invscoutd invoke external application with relative path, paginit - stack based buffer overflow. |
| | AIX Object Data Manager DoS |
| | | |
| 7! | AIX libXm.a multiple bugs |
| | | |
| | AIX ctstrtcasd privilege escalation
|
| | User can overwrite any file with -f option. |
| | |
