rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15455
http://www.securityfocus.com/bid/9835