COMMAND

    uucp(1)

SYSTEMS AFFECTED

    UUCP software in  versions of AIX  up to 2007.   The vulnerability
    does not exist in AIX 3.2.

PROBLEM

    Previous versions, except AIX 3.2, of the UUCP software  contained
    incorrectly configured versions of various files.

    Local   users   can   execute   unauthorized   commands  and  gain
    unauthorized root access.

SOLUTION

    IBM is  aware of  this problem,  and a  fix is  available as  apar
    number "ix18516".   This patch is  available for all  AIX releases
    from GOLD to 2006.

    The  fix  is  in  the  2007  update  and  3.2 release of AIX.  IBM
    customers may  call IBM  Support (800-237-5511)  and ask  that the
    fix be shipped to them.  Patches may be obtained outside the  U.S.
    by contacting your local IBM representative.