The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.
IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.
named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
Buffer overflow in AIX writesrv command allows local users to obtain root access.
AIX infod allows local users to gain root access through an X display.
Buffer overflows in Sun libnsl allow root access.
Buffer overflow in AIX lquerylv program gives root access to local users.
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
Unauthorized privileged access or denial of service via dtappgather program in CDE.
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
Various vulnerabilities in the AIX portmir command allows local users to obtain root access.
AIX bugfiler program allows local users to gain root access.
Command execution in Sun systems via buffer overflow in the at program.