COMMAND

    /usr/sbin/lquerypv

SYSTEM AFFECTED

    AIX

PROBLEM

    There may exists a vulnerability in the lquerypv command under
    AIX.  Problem is following command:

	/usr/sbin/lquerypv -h /etc/security/passwd

    You can substitute /etc/security/passwd for any other unreadable
    file.  If the program is able to dump the file (maybe in hex) you
    got a problem.

SOLUTION

    chmod u-s /usr/sbin/lquerypv
    IBM said that patch will see light of day.
