- /usr/sbin/lquerypv


COMMAND

/usr/sbin/lquerypv

SYSTEMS AFFECTED

AIX


PROBLEM

There may exists a vulnerability in the lquerypv command under
AIX.  Problem is following command:

/usr/sbin/lquerypv -h /etc/security/passwd

You can substitute /etc/security/passwd for any other unreadable
file.  If the program is able to dump the file (maybe in hex) you
got a problem.



SOLUTION

chmod u-s /usr/sbin/lquerypv
IBM said that patch will see light of day.