COMMAND

    /usr/sbin/lquerypv

SYSTEMS AFFECTED

    AIX 4.1, 4.2

PROBLEM

    The  "lquerypv"  command  is  an  undocumented,  low-level  worker
    program that is  a part of  the AIX Logical  Volume Manager family
    of  commands.    When   installed,  the   "lquerypv"  command   is
    set-user-id "root", which allows it to run with super-user  access
    permissions.

    When invoked with the "-h" option, "lquerypv" does not  adequately
    enforce the read  permissions on files  when it is  run by regular
    (non-"root") users.  This can allow users to obtain access to  the
    contents of files that they are not authorized to read.

        /usr/sbin/lquerypv -h /etc/security/passwd

    You can substitute any other unreadable file for /etc/security/passwd.
    If the program is able to dump the file (maybe in hex), you have a
    problem.
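
    The check a set-user-id program has to make before reading a file named
    by its caller, as an added example: this is not lquerypv's code (its
    source is not shown here) but a generic sketch, and open_as_real_user is
    a hypothetical helper name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Open `path` read-only with the permissions of the invoking (real) user,
 * not those of the set-user-id owner. Returns a file descriptor, or -1
 * with errno set. Hypothetical helper, for illustration only. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    int fd, saved_errno;

    /* Drop the effective uid to the real uid so the kernel itself checks
     * the caller's read permission during open(). */
    if (seteuid(getuid()) != 0)
        return -1;

    /* access() followed by open() would leave a race window between the
     * check and the use; opening while unprivileged does not. */
    fd = open(path, O_RDONLY);
    saved_errno = errno;

    /* Regain privilege for the work that really needs it. */
    if (seteuid(saved_euid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }
    int fd = open_as_real_user(argv[1]);
    if (fd < 0) { perror(argv[1]); return 1; }
    printf("%s: readable by real uid %ld\n", argv[1], (long)getuid());
    close(fd);
    return 0;
}
```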

SOLUTION

    You can remove the set-user-id bit by doing

        chmod u-s /usr/sbin/lquerypv

    or you can get the patch via

        http://service.software.ibm.com/aixsupport/

        System        Patch
        -------------------
        AIX 3.2.x     Not vulnerable; no fix necessary.
        AIX 4.1.x     APAR - IX64203
        AIX 4.2.x     APAR - IX64204