× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Since the agreement seems to be that CA itself has what could be considered a 
vulnerability, I submitted the following as APAR: 85274,082.

The following post to bugtraq:                                          
http://www.securityfocus.com/archive/1/394058                           
                                                                        
While not accurate and somewhat misleading does in fact discuss a       
vulnerability in the iSeries Access for Windows PC5250 emulation        
program.                                                                
                                                                        
As far as I know, as a user of iSeries Access for Windows PC5250        
emulation if I ever needed to connect to an "untrusted" iSeries         
system there is no way for me to prevent the "untrusted" iSeries        
system from running a arbitrary command on my PC.                       
                                                                        
I believe at minimum, the PC5250 emulation program should allow a       
user to turn off the acceptance of commands sent via STRPCCMD.  In      
addition, perhaps the default setting should be off. 


Charles Wilt
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121
 



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.