COMMAND

    bsh

SYSTEMS AFFECTED

    AIX 3.2 and earlier.

PROBLEM

    Vulnerability in the bsh batch queue allows unauthorized access.
    Remote users may gain access to privileged accounts. If network
    printing is enabled, the bsh queue will permit users on remote
    systems to execute commands at an elevated privilege.

SOLUTION

    Disable bsh; obtain and install the fix from IBM. To disable the
    bsh queue from the command line, enter:

    chqueue -qbsh -a"up = FALSE"

    or from SMIT enter:

    Spooler
    Manage Local Printer Subsystem
    Local Printer Queues
    Change/Show Characteristics of a Queue
    select bsh
    Activate the Queue
    select no
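
    To confirm the queue is actually down after the change, the
    following added example (not part of the original advisory or of
    IBM's fix) reads a qconfig-style stanza file and reports the state
    of a named queue. It assumes queue definitions live in /etc/qconfig
    as "name:" stanzas with indented "attribute = value" lines, that
    "*" starts a comment, and that a queue with no "up" attribute is
    enabled; queue_state and write_sample are hypothetical helper names
    and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report whether a queue in a qconfig-style file is enabled.
# Assumptions (not from the advisory): stanza headers are "name:" at column 0,
# attributes are indented "attr = value" lines, "*" begins a comment line,
# and a queue without an explicit "up" attribute counts as enabled.

queue_state() {
    # $1 = queue name, $2 = path to a qconfig-style file
    # Prints "down", "up", or "absent".
    awk -v q="$1" '
        /^[ \t]*\*/ { next }                      # skip comment lines
        /^[^ \t][^:]*:[ \t]*$/ {                  # stanza header
            name = $0; sub(/:[ \t]*$/, "", name)
            in_q = (name == q); if (in_q) found = 1
            next
        }
        in_q && /^[ \t]+up[ \t]*=/ {              # "up" inside our stanza
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            state = toupper(val)
        }
        END {
            if (!found)                print "absent"
            else if (state == "FALSE") print "down"
            else                       print "up"
        }
    ' "$2"
}

write_sample() {
    # $1 = output path, $2 = value to give the bsh "up" attribute.
    # Constructed sample data, not copied from a real system.
    {
        printf '* constructed sample qconfig\n'
        printf 'lp0:\n\tdevice = lp0dev\n\tup = TRUE\n'
        printf 'lp0dev:\n\tbackend = /usr/lib/lpd/piobe\n'
        printf 'bsh:\n\tdevice = bshdev\n\tdiscipline = fcfs\n\tup = %s\n' "$2"
        printf 'bshdev:\n\tbackend = /usr/bin/bsh\n'
    } > "$1"
}

# Demo against the constructed sample; on a real host pass /etc/qconfig instead.
tmp="${TMPDIR:-/tmp}/qconfig.sample.$$"
write_sample "$tmp" FALSE
echo "bsh queue: $(queue_state bsh "$tmp")"
rm -f "$tmp"
```

    A result of "absent" means no bsh stanza was found in the file.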

    IBM has made available an emergency fix for this vulnerability
    via anonymous ftp from software.watson.ibm.com in the directory
    /pub/aix. The fix is contained in the compressed tar file
    bshfixN.tar.Z, where N is the current version of the fix. The
    official fix for this problem can be ordered from IBM; the
    APAR # is IX44381.