COMMAND

    nslookup

SYSTEMS AFFECTED

    AIX 4.1, 4.2

PROBLEM

    The nslookup command has a vulnerability that allows local users
    to become root.  Here's the catch: if nslookup is installed with
    the s-bit (set-user-id), all users can create and overwrite files
    owned by root.  This works in interactive mode, when dumping DNS
    records to a file (with "ls -d DOMAINNAME > FILE", for example).
    This was tested on AIX 4.2.0, 4.2.1 and 4.1.1, where nslookup is
    installed suid-root by default.

SOLUTION

    This problem can be alleviated by removing the set-user-id bit
    from the "nslookup" program.  Removing the set-user-id bit will
    not result in lost functionality unless /etc/resolv.conf exists
    and is not world-readable.  The official fix is:

        AIX 4.1........... APAR - IX71464
        AIX 4.2........... APAR - IX70815
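
The workaround above as a script. This is an added example, not part of the original advisory: it checks whether a given nslookup binary carries the set-user-id bit, warns if resolv.conf exists but is not world-readable, and then clears the bit. The function names are hypothetical, and the binary path is passed as an argument because the advisory does not give the install location.

```sh
#!/bin/sh
# Added example: audit and remove the set-user-id bit from nslookup.
# Function names and the argument layout are assumptions of this sketch.

# Prints: missing | not-setuid | setuid-root | setuid-other
suid_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    [ -u "$1" ] || { echo not-setuid; return 0; }
    # Field 3 of `ls -ln` is the numeric owner uid.
    if [ "$(ls -Llnd "$1" | awk '{print $3}')" = 0 ]; then
        echo setuid-root
    else
        echo setuid-other
    fi
}

# Prints: absent | world-readable | restricted
resolv_state() {
    [ -e "$1" ] || { echo absent; return 0; }
    # Character 8 of the mode string is the read bit for "other".
    case $(ls -Llnd "$1" | awk '{print $1}') in
        ???????r*) echo world-readable ;;
        *)         echo restricted ;;
    esac
}

# Usage: harden_nslookup BINARY [RESOLV_CONF]
harden_nslookup() {
    case $(suid_state "$1") in
        setuid-*) ;;
        *) echo "$1: no set-user-id bit to remove"; return 0 ;;
    esac
    # The advisory's caveat: without the s-bit, nslookup can no longer
    # read a resolv.conf that exists but is not world-readable.
    if [ "$(resolv_state "${2:-/etc/resolv.conf}")" = restricted ]; then
        echo "warning: ${2:-/etc/resolv.conf} is not world-readable" >&2
    fi
    chmod u-s "$1" && echo "$1: set-user-id bit removed"
}

# Run only when a binary path is given on the command line.
if [ $# -gt 0 ]; then harden_nslookup "$@"; fi
```

Run it as root with the path to the installed nslookup binary as the first argument; a second argument overrides the default /etc/resolv.conf.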