COMMAND

    /usr/bin/chsh

SYSTEMS AFFECTED

    HP 9000 Series 700/800s running versions of HP-UX 9.X & 10.X

PROBLEM

    There  is   security  vulnerability   in  the   chsh   executable.
    Vulnerabilities  exists   allowing  local   users  to   gain  root
    privileges.

SOLUTION

    Apply patch:

        PHCO_9600 for all platforms with HP-UX releases 9.X
        PHCO_9601 for all platforms with HP-UX releases 10.00/10.01/10.10
        PHCO_9602 for all platforms with HP-UX releases 10.20

    The vulnerability can  be eliminated from  HP-UX releases 9.X  and
    10.X  by  applying  the  appropriate  patch.   Note that the patch
    fixes  /usr/bin/chsh.   Once  installed,  it  is necessary to also
    replace the file /bin/chsh file, which placed there for  backwards
    compatible.