COMMAND

    sadc(1M)        (/usr/lib/sa/sadc)
    Supplied with SYS V accounting utilities

SYSTEMS AFFECTED

    SCO Unix System V/386 Release 3.2 Versions 4.2, 4.1, and 4.0
    (suid root)
    SCO Open Desktop Lite Release 3.0 (suid root)
    SCO Open Desktop Release 3.0 and 2.0 (suid root)
    SCO Open Server Network System Release 3.0 (suid root)
    SCO Open Server Enterprise System Release 3.0 (suid root)
    SVR4/i386 4.0.3         (sgid sys)
    A/UX 2.0.1              (sgid sys)

PROBLEM

    sadc(1M)  can  be  used  to  create  files  in normally unwritable
    directories.   sadc   normally  runs  egid   sys,  and   therefore
    can be used to create files in group sys writeable directories.

    SCOs sadc  runs euid  root, and  therefore can  be used  to create
    files anywhere on the filesystem.

SOLUTION

    Contact your vendor for a fix.   In the meantime, limit access  to
    sadc by changing mode on /usr/lib/sa.