COMMAND

    WebSphere

SYSTEMS AFFECTED

    IBM WebSphere

PROBLEM

    Martin Peter found the following.  On Solaris (maybe also AIX) the
    installation of WebSphere from IBM installs a deinstallation shell
    script in /usr/bin with permissions 777.  This script is also
    called by 'pkgrm', which has to be run by root.  Because any local
    user can modify it, the script can easily be used to plant a
    trojan horse, etc.  Besides these dangerous permission settings,
    WebSphere places GIF, lst and db files in /usr/bin, and all
    WebSphere directories are 777.

SOLUTION

    Change permissions...
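
    An added example, not part of the original advisory: a shell
    audit that finds world-writable files and directories under a
    tree and removes group/other write access.  The directory
    arguments are assumptions; the advisory names /usr/bin and the
    WebSphere directories but not the script's filename.

```shell
#!/bin/sh
# Added example: audit and repair world-writable entries under a tree.
# The directory passed in is an assumption (e.g. /usr/bin or the
# product's install directory); the advisory gives no exact file names.

# List regular files and directories that any user can write to.
# Symlinks are skipped (their own mode is not what gets enforced) and
# -xdev keeps the search on one filesystem.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Number of world-writable entries, for a before/after comparison.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# World-writable files that are also executable by their owner: these
# are the ones a root-run tool such as pkgrm could end up executing.
list_writable_executables() {
    find "$1" -xdev -type f -perm -0002 -perm -0100 -print 2>/dev/null
}

# Remove group and other write permission from every entry found.
# Read and execute bits are left alone, so scripts stay runnable.
fix_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        -exec chmod go-w {} + 2>/dev/null
}

# When called with a directory, print a report only; fixing is a
# separate, explicit step.
if [ "$#" -gt 0 ]; then
    echo "World-writable entries under $1:"
    list_world_writable "$1"
    echo "World-writable executables under $1:"
    list_writable_executables "$1"
fi
```

    Review the report before calling fix_world_writable: some
    directories, such as /tmp, are world-writable by design.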