This vulnerability was discovered by Kyle Amon <firstname.lastname@example.org>.
IBM AIX 4.2.1
IBM AIX 4.1.5
A vulnerability in the 'named-xfer' executable allows members of the 'system' group to overwrite any file in the system.
The '/usr/sbin/named-xfer' file under AIX is setuid root and executable only by members of the 'system' group. By passing the '-f' command line parameter to named-xfer, members of the 'system' group can overwrite any file on the system with a DNS zone file.
A cleverly written zone file used to overwrite, say, /.rhosts could be used to obtain root access to the system.
The defect ticket 287556 has been opened to fix this issue.
See the discussion.
Remove the setuid bit from named-xfer. It is not required for its proper functioning.
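
The workaround above as an added example (not part of the original advisory): a POSIX shell function that checks whether a file carries the setuid bit, removes it, and verifies the result. The function names `is_setuid` and `strip_setuid` are this example's own.

```shell
# Added example: check for, remove and verify the setuid bit on one file.
# Function names are illustrative; the target path comes from the advisory.

# Returns 0 if the path is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Removes the setuid bit and confirms it is gone.
# Prints one status word on stdout: missing, clean, fixed or failed.
# The before/after 'ls -l' output goes to stderr as a change record.
strip_setuid() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "missing"
        return 0
    fi
    if ! is_setuid "$target"; then
        echo "clean"                 # nothing to do, safe to re-run
        return 0
    fi
    ls -l "$target" >&2              # mode, owner and group before the change
    if chmod u-s "$target" && ! is_setuid "$target"; then
        ls -l "$target" >&2          # mode after the change
        echo "fixed"
        return 0
    fi
    echo "failed"
    return 1
}

# Usage on an affected host, run as root:
#   strip_setuid /usr/sbin/named-xfer
```

A later patch or reinstall of the fileset may restore the original mode, so the check is worth repeating after maintenance.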