- passwd(1)


COMMAND

passwd(1)

SYSTEMS AFFECTED

AIX 3.2 and the 2007 update of AIX 3.1


PROBLEM

The  passwd  command  contains  a  security  vulnerability.  Local
users can gain unauthorized root access.



SOLUTION

IBM is  aware of  this problem
and a  fix is  available as  apar
number "ix23505".  Patches are available for AIX 3.2 and the  2007
update of AIX 3.1.

This fix may be ordered from  Level 2 support or by anonymous  ftp
from software.watson.ibm.com (129.34.139.5) on the Internet.

1. To order from IBM call 1-800-237-5511 and ask that the  fix
be shipped.   Patches may be  obtained outside the  U.S. by
contacting your local IBM representative.

2. If you are on the Internet
use anonymous ftp to obtain the
fix from software.watson.ibm.com.

Patch           Filename                Checksum
AIX 3.2         pub/aix3/pas.32.tar.Z   54431  2262
AIX 3.1 2007    pub/aix3/pas.31.tar.Z   06703    99

Patches should be retrieved using binary mode.

IBM is currently  incorporating the fix  into the 3.2  version and
3.1 updates  of AIX.   Future shipments  of these  products should
not be  vulnerable to  this problem.   If you  have any  questions
about   products   you   receive
please   contact   your    IBM
representative.