COMMAND

    passwd(1)

SYSTEMS AFFECTED

    AIX 3.2 and the 2007 update of AIX 3.1

PROBLEM

    The  passwd  command  contains  a  security  vulnerability.  Local
    users can gain unauthorized root access.

SOLUTION

    IBM is  aware of  this problem,  and a  fix is  available as  apar
    number "ix23505".  Patches are available for AIX 3.2 and the  2007
    update of AIX 3.1.

    This fix may be ordered from  Level 2 support or by anonymous  ftp
    from software.watson.ibm.com (129.34.139.5) on the Internet.

	1. To order from IBM call 1-800-237-5511 and ask that the  fix
	   be shipped.   Patches may be  obtained outside the  U.S. by
	   contacting your local IBM representative.

	2. If you are on the Internet, use anonymous ftp to obtain the
	   fix from software.watson.ibm.com.

	   Patch           Filename                Checksum
	   AIX 3.2         pub/aix3/pas.32.tar.Z   54431  2262
	   AIX 3.1 2007    pub/aix3/pas.31.tar.Z   06703    99

	   Patches should be retrieved using binary mode.

    IBM is currently  incorporating the fix  into the 3.2  version and
    3.1 updates  of AIX.   Future shipments  of these  products should
    not be  vulnerable to  this problem.   If you  have any  questions
    about   products   you   receive,   please   contact   your    IBM
    representative.