Just to rule out the possibility that someone has removed and replaced
the passwd command, you should verify the checksum of the passwd
command:

cksum `which passwd`

Compare this with the original checksum. That's one possibility.