|
Since the agreement seems to be that CA itself has what could be considered a vulnerability, I submitted the following as APAR: 85274,082. The following post to bugtraq: http://www.securityfocus.com/archive/1/394058 While not accurate and somewhat misleading does in fact discuss a vulnerability in the iSeries Access for Windows PC5250 emulation program. As far as I know, as a user of iSeries Access for Windows PC5250 emulation if I ever needed to connect to an "untrusted" iSeries system there is no way for me to prevent the "untrusted" iSeries system from running a arbitrary command on my PC. I believe at minimum, the PC5250 emulation program should allow a user to turn off the acceptance of commands sent via STRPCCMD. In addition, perhaps the default setting should be off. Charles Wilt iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.