COMMAND

    libDtSvc.a

SYSTEMS AFFECTED

    AIX 4.1, 4.2

PROBLEM

    A buffer overflow vulnerability exists in the AIX libDtSvc.a
    library that can allow local users to become root. The libDtSvc.a
    provided in the last patch contained a bug that prevented users
    from logging in via the CDE desktop. A new fix is available that
    fixes this problem in addition to several other buffer overflows.

SOLUTION

    IBM has made the following APARs available to fix the problem:

        Abstract                                 4.1 APAR        4.2 APAR
        ====================================================================
        SECURITY: buffer overflow in dtaction    IX69179         IX69180
        SECURITY: buffer overflow in writesrv    IX69168         IX69169
        SECURITY: buffer overflow in /bin/rcp    IX69170         IX69171

    There is a temporary fix available via anonymous ftp:

        ftp://testcase.software.ibm.com/aix/fromibm/dtaction.security.tar.Z