COMMAND

    /usr/sbin/portmir

SYSTEMS AFFECTED

    AIX 4.2.1

PROBLEM

    Several vulnerabilities exist in the portmir command that can
    allow local users to become root: a buffer overflow and insecure
    log files.  This command was added in 4.2.1; therefore, 4.1 and
    3.2 are not vulnerable.

SOLUTION

    You can alleviate the problem until the APAR can be applied by
    removing the setuid bit from the portmir command.  The official
    fix is:

        APAR - IX71795
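
    The interim mitigation above, as an added example that is not part
    of the original advisory or of any IBM tooling.  The helper name
    strip_setuid is hypothetical; it uses only POSIX test, ls and chmod.

```shell
#!/bin/sh
# Added example: interim mitigation from the advisory (remove the setuid bit).
# strip_setuid is a hypothetical helper name, not an AIX tool.

strip_setuid() {
    target=$1

    if [ ! -f "$target" ]; then
        echo "strip_setuid: $target not found" >&2
        return 1
    fi

    # test -u is true only when the set-user-ID bit is set.
    if [ ! -u "$target" ]; then
        echo "strip_setuid: $target is not setuid, nothing to do" >&2
        return 0
    fi

    # Record owner and mode before changing anything, for later comparison.
    echo "before: $(ls -ld "$target")" >&2

    chmod u-s "$target" || return 2

    # Verify the bit is really gone rather than trusting chmod's exit status.
    if [ -u "$target" ]; then
        echo "strip_setuid: setuid bit still set on $target" >&2
        return 2
    fi

    echo "after:  $(ls -ld "$target")" >&2
    return 0
}

# Run as root: sh strip_setuid.sh /usr/sbin/portmir
if [ "$#" -gt 0 ]; then
    strip_setuid "$1"
fi
```

    Keep the "before" line so the file's mode can be compared once the
    APAR has been applied.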