AIX contains a flaw that may allow a local user to gain SGID 'mail' privileges. The issue is due to the /usr/bin/bellmail binary allowing a user to temporarily set the IFS environment variable to '/'. With the internal field separator changed, a temporary SGID shell can be created and executed by bellmail.
HP-UX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by the hpterm program, which may allow a malicious user to access any file on the system regardless of ownership and permissions, resulting in a loss of integrity. No further details have been provided.
Using AIX's "Maintenance Mode", it is possible for an attacker with physical access to the machine to gain privileged access. The issue is due to the maintenance prompt allowing the user to spawn a sub-shell that will be executed with root privileges. While in maintenance mode, no password prompt will appear.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.