× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2003

RE: OS/400 Vulnerability to CERT Advisories

This would be great if only I didn't need to be Houdini to get logged in.
What's so secret that I need to login for this information?

---
Doug Hart
?



>
>
> I would like to publicly thank Patrick Botz and IBM for providing this
> information. Thru midrange-l, Common, and directly with IBM, many
> have been asking for this from IBM. It will make security administration
> and notification to management much more complete.
>
> jim franz
>

>
> >
> > Hi Everyone,
> >
> > I wanted to give you a heads up to some new information that is
> available
> > for you regarding OS/400 and CERT Advisories.
> >
> > Go to:
> > http://www.ibm.com/servers/resourcelink     and sign-in
> > (you can request an ID/pwd for free, but it does require a sign-on)
> >
> > Then select "Problem Solving" from the left-hand navigation panel
> > Then select "Security alerts" (under the Alerts heading)
> >
> > You will see a list of CERT advisories and you can find the OS/400
> position
> > with respect to those advisories.
> >
> > In most cases, you will not see OS/400 responses for things that are
> > clearly not OS/400 related (i.e. CERT advisories for specific
> products or
> > platforms).
> >
> > Here's an example of the screen you'll see:
> >
> >
> >
> >
> >
> >
> >  CERT VU#623217
> >
> >                 Cryptographic weakness in Kerberos Version 4 protocol
> >
> >  · AIX · os400 · xSeries · zOS
> >
> >
> >
> >
> >
> >  CERT VU#673993
> >
> >                 PopTop PPTP Server contains buffer overflow in
> "ctrlpacket.c"
> >
> >   · os/400 · xSeries · zOS
> >
> >
> >
> > Clicking on OS/400 (or os400 or os/400 :-) ) will give you the
> information
> > about if and how OS/400 is affected. If it is affected it will give you
> > information about work arounds or PTFs.
> >
> > I'll give you a hint:  most of the OS/400 responses say "given currently
> > available information, OS/400 is not affected by this vulnerability."
> >
> > Patrick Botz
> > Senior Technical Staff Member
> > eServer Security Architect
> > (507) 253-0917, T/L 553-0917
> > email: botz@xxxxxxxxxx
> >

>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.