COMMAND

    crontab(1)

SYSTEMS AFFECTED

    AIX 3.2

PROBLEM

    The distributed version of /usr/bin/crontab contains a security
    vulnerability.

    Local users can gain unauthorized root access to the system.

SOLUTION

    IBM is aware of this problem and a fix is available as APAR
    number "ix26997" for AIX version 3.2.  The version information
    for the patched /usr/bin/crontab is shown in the following
    what(1) output:

% what /usr/bin/crontab
04 1.23 com/cmd/cntl/cron/crontab.c, cmdcntl, bos320, 9218320f 4/8/92 11:50:42
07 1.8  com/cmd/cntl/cron/permit.c, bos, bos320 4/25/91 17:16:59
11 1.15  com/cmd/cntl/cron/cronsub.c, bos, bos320 8/18/91 20:42:32
06 1.9  com/cmd/cntl/cron/funcs.c, bos, bos320 6/8/91 21:22:40

    If your crontab contains older modules than the above output
    indicates, we suggest that you install the fix.
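
    One way to run the comparison described above, as an added example
    that is not part of the original advisory or of IBM's tooling: it
    parses what(1) output and flags any module whose SCCS version is
    older than the patched baseline, comparing components numerically
    (so 1.9 sorts before 1.23).  It assumes a POSIX awk; the function
    name and the sample input are constructed.

```sh
#!/bin/sh
# Added example. Baseline = SCCS versions from the advisory's what(1) output.
BASELINE='crontab.c=1.23 permit.c=1.8 cronsub.c=1.15 funcs.c=1.9'

# Reads what(1) output on stdin. Prints "module found baseline" for each
# module older than the baseline, or "module missing baseline" if absent.
older_modules() {
    awk -v baseline="$BASELINE" '
    # Compare dotted versions numerically, so that 1.9 < 1.23.
    function older(a, b,    x, y, n, m, i) {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    BEGIN {
        k = split(baseline, rows, " ")
        for (i = 1; i <= k; i++) {
            split(rows[i], p, "=")
            want[p[1]] = p[2]; order[i] = p[1]
        }
    }
    {
        # The version is the field just before the "path/to/module.c," field.
        for (f = 2; f <= NF; f++)
            if ($f ~ /\.c,$/) {
                name = $f; sub(/,$/, "", name); sub(/^.*\//, "", name)
                if (name in want) seen[name] = $(f - 1)
            }
    }
    END {
        for (i = 1; i <= k; i++) {
            m = order[i]
            if (!(m in seen)) print m, "missing", want[m]
            else if (older(seen[m], want[m])) print m, seen[m], want[m]
        }
    }'
}

# Constructed sample (not from the advisory): crontab.c at 1.9, no permit.c.
SAMPLE='04 1.9 com/cmd/cntl/cron/crontab.c, cmdcntl, bos320 1/1/92 00:00:00
11 1.15 com/cmd/cntl/cron/cronsub.c, bos, bos320 8/18/91 20:42:32
06 1.10 com/cmd/cntl/cron/funcs.c, bos, bos320 6/8/91 21:22:40'
printf '%s\n' "$SAMPLE" | older_modules
# On a live system: what /usr/bin/crontab | older_modules
```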

    To order from IBM call 1-800-237-5511 and ask that the fix be
    shipped.  Patches may be obtained outside the U.S. by contacting
    your local IBM representative.  If you are on the Internet, use
    anonymous ftp to obtain the fix from software.watson.ibm.com
    (129.34.139.5).

    Patch           Filename                Checksum
    AIX 3.2         pub/aix3/cronta.tar.Z   02324   154

    The patch must be retrieved using binary mode.