COMMAND

    xdat

SYSTEMS AFFECTED

    AIX 4.1, 4.2

PROBLEM

    The "xdat" command shipped with AIX version 4 does not check the
    length of the "TZ" environment variable. Because the command is
    installed setuid, local users may exploit this to become root.
    This command was not shipped with AIX 3.2.
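
    The class of bug described above, as an added example that is not
    xdat's source code (which the advisory does not show): an unchecked
    copy of TZ into a fixed-size buffer next to a length-checked one.
    The function names and the 64-byte buffer size are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size: the advisory does not give xdat's real buffer size. */
#define TZ_BUF_LEN 64

/* Unsafe pattern: no length check, so a TZ value of TZ_BUF_LEN bytes or
 * more writes past the end of dst. Shown for contrast only. */
void tz_copy_unchecked(char *dst, const char *tz)
{
    strcpy(dst, tz);
}

/* Hardened pattern: measure first, copy only if value plus NUL fits.
 * Returns 0 on success, -1 if tz is NULL or too long (dst left empty). */
int tz_copy_checked(char *dst, size_t dstlen, const char *tz)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (tz == NULL)
        return -1;
    n = strlen(tz);
    if (n >= dstlen)
        return -1;
    memcpy(dst, tz, n + 1);
    return 0;
}

int main(void)
{
    char buf[TZ_BUF_LEN];
    const char *tz = getenv("TZ");

    /* An unset TZ is normal; an oversized one is refused, not truncated. */
    if (tz != NULL && tz_copy_checked(buf, sizeof buf, tz) != 0) {
        fprintf(stderr, "TZ is too long, refusing to run\n");
        return 1;
    }
    printf("TZ accepted: %s\n", tz != NULL ? buf : "(unset)");
    return 0;
}
```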

SOLUTION

    Remove the setuid bit or apply the official fix for your release:

        AIX 4.1:  IX72020
        AIX 4.2:  IX72021

    A temporary fix is available via anonymous ftp from:

        ftp://testcase.software.ibm.com/aix/fromibm/security.xdat.tar.Z

    This fix has not been fully regression tested but does prevent the
    TZ environment variable exploit. If the new executable fails to
    load due to missing symbols, the following APARs may help to
    resolve the prerequisites:

        AIX 4.1:  IX69580
        AIX 4.2:  IX69180