OpenSSH portable contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when OpenSSH is compiled with gcc or some other non-native AIX compiler, and an attacker places a specially crafted library in the current directory. This will allow the attacker to gain unauthorized privileges, and the flaw may lead to a loss of confidentiality.
Upgrade to version 3.6.1p2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by recompiling the OpenSSH files on AIX using the -blibpath option, or by compiling with the native AIX compiler. Another approach is to remove any setuid/setgid bits from the installed binaries, which may include ssh-agent, ssh-keysign, and ssh.
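The setuid/setgid workaround above, sketched as an added shell example that is not part of the original advisory: it reports which of the three named binaries carry the bits and then clears them. The function names and the directory arguments are assumptions, since the advisory gives no install paths.

```shell
#!/bin/sh
# Added example: audit and clear setuid/setgid bits on the binaries the
# advisory names. Directories are passed by the caller (assumption: the
# advisory does not say where the binaries are installed).

SSH_BINARIES="ssh ssh-agent ssh-keysign"

# Print "<path> <setuid|setgid|setuid,setgid|clean>" for each named binary
# that exists in the given directories. Missing binaries are skipped.
audit_ssh_modes() {
    for dir in "$@"; do
        for name in $SSH_BINARIES; do
            path="$dir/$name"
            if [ ! -e "$path" ]; then
                continue
            fi
            flags=""
            if [ -u "$path" ]; then
                flags="setuid"
            fi
            if [ -g "$path" ]; then
                flags="${flags:+$flags,}setgid"
            fi
            echo "$path ${flags:-clean}"
        done
    done
}

# Clear both bits on every named binary found, then re-check each one.
# Returns 0 only if all of them end up without setuid and setgid.
strip_ssh_modes() {
    rc=0
    for dir in "$@"; do
        for name in $SSH_BINARIES; do
            path="$dir/$name"
            if [ ! -e "$path" ]; then
                continue
            fi
            chmod u-s,g-s "$path" || rc=1
            if [ -u "$path" ] || [ -g "$path" ]; then
                rc=1
            fi
        done
    done
    return $rc
}

# When run with directory arguments, only report; stripping is an explicit call.
if [ "$#" -ge 1 ]; then
    audit_ssh_modes "$@"
fi
```

Clearing the bits can disable features that rely on them, so run the audit first and strip only the binaries whose privileged mode is not needed on that host.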