|
> -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx > [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Shalom Carmel > Sent: Monday, April 25, 2005 6:11 PM > To: midrange-l@xxxxxxxxxxxx > Subject: Re: Recent bugtraq postings > > > About STRPCCMD: > CA is not the only emulation that supports this command. > There are at least 3 more emulations by different vendors > that can be used > in a similar manner: Bosanova, PowerTerm, and Mochasoft. > Because the issue seems to be a generic iSeries 5250 > emulation feature, and > because it works only in conjecture with an iSeries server, > in my opinion it is an iSeries issue, even though it affects > the iSeries > client and not the server. > No. That would be like saying every OS with an available REXEC client has a vulnerability. It's not the REXEC client that could be a problem; it is running a REXEC server. >From the iSeries side STRPCCMD can be quite easily controlled using the built >in object level security. Thus, in a corporate environment this >"vulnerability" is not an issue. It is however an issue in a non-corporate environment where a person is using CA or one of the other emulators with this feature to connect to time share systems or systems on a consulting basis. Charles Wilt iSeries Systems Administrator / Developer Mitsubishi Electric Automotive America ph: 513-573-4343 fax: 513-398-1121
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.