COMMAND

    fs (file system)

SYSTEMS AFFECTED

    IBM AIX 3.2.x, 4.1.x, 4.2.x, 4.3.x

PROBLEM

    Following is  based on  a IBM  Emergency Response  Service.  Local
    users could gain write access  to some files on local  or remotely
    mounted AIX filesystems, even  though the file permissions  do not
    allow write access.  This vulnerability was discovered in the  IBM
    laboratory  during  analysis  of  filesystem  behavior  and is not
    exposed during normal system operation.

    A local user  could gain write  access to some  files on local  or
    remotely mounted AIX filesystems, even though the file permissions
    do not allow write access.

    Pat Barrett and Dave Larson brought this problem to the attention.

SOLUTION

    The following fixes can be obtained from the AIX Fix  Distribution
    Service at the following URL:

        http://techsupport.services.ibm.com/rs6k/fixes.html

        AIX 3.2.x: APAR IY10111
        AIX 4.1.x: APAR IY10031
        AIX 4.2.x: APAR IY10001
        AIX 4.3.x: APAR IY09941

    In addition, an emergency fix specifically built to install on AIX
    4.3.2 systems is available at the following URL:

        ftp://aix.software.ibm.com/aix/efixes/iy09941