× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Thanks Larry.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of DrFranken
Sent: Monday, January 06, 2014 8:36 PM
To: Midrange Systems Technical Discussion
Subject: Re: Possible iSeries Vulnerability

Not specifically aware of this BUT it would require that you allow direct access to your server from outside your protected network to be vulnerable. Not many of my customers (I can think of exactly 1) have their IBM i servers directly connected to the Internet without a firewall of some sort.

- Larry "DrFranken" Bolhuis

www.frankeni.com
www.iDevCloud.com
www.iInTheCloud.com

On 1/6/2014 8:21 PM, Steinmetz, Paul wrote:

Anyone aware of the possible iSeries Vulnerability and the impact, and fix if available.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5385

Original release date:01/02/2014
Last revised:01/03/2014
Source: US-CERT/NIST
Overview
The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries servers, does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base
Score:8.5<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-5385&ve
ctor=%28AV%3AN/AC%3AL/Au%3AN/C%3AP/I%3AN/A%3AC%29> (HIGH)
(AV:N/AC:L/Au:N/C:P/I:N/A:C)<http://nvd.nist.gov/cvss.cfm?version=2&na
me=CVE-2013-5385&vector=%28AV%3AN/AC%3AL/Au%3AN/C%3AP/I%3AN/A%3AC%29>
(legend<http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2>)
Impact Subscore: 7.8
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit Impact Type:Allows
unauthorized disclosure of information; Allows disruption of service



Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx<mailto:psteinmetz@xxxxxxxxxx>
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.