× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MI400
  3. June 2000

Re: setsppfp bug

  • Subject: Re: setsppfp bug
  • From: Chuck Lewis <clewis@xxxxxxxxxx>
  • Date: Mon, 12 Jun 2000 08:50:32 +0100
 
Ed,

Thanks for the information !

Have a question about getting these PTF's...

I DON'T show that I have them (we are V4R1) and we have Service Director. I
understand you saying that these are hyper PTF's so is THAT why Service
Director's PTF program didn't send them to us ? And WOULDN'T that be a good
idea to have it do that ?

Thanks !

Chuck



edfishel@us.ibm.com wrote:

> The security team discovered the LOGINP sign-on exposure for the first time
> several months ago.  We felt it was serious enough to fix. The fix was
> shipped to all supported releases at the beginning of February this year.
> If you routinely apply hyper integrity PTFs you probably already have the
> fix on your system.
>
> The PTF for V3R2 was SF60975. The PTFs for V4R1 were SF60976 and SF60977.
> The PTF for  V4R2 was SF60980. The PTF for V4R3 was SF60978. The PTF for
> V4R4 was SF60979.  No PTF was needed for V4R5.
>
> The fix disables the LOGINP function for the input display buffer of
> subsystem monitor jobs.
>
> The reason we ship these types of fixes as hyper integrity PTFs (which
> normally do not describe the problem being fixed) is because we want to
> make the fix available to our customers before we tell the world how those
> customers are exposed. Just because we do not publish the security problems
> does not mean we are practicing security by obsecurity.  We are protecting
> our customers by allowing them to apply the fix before the security
> exposure become general knowledge.  The other side of this coin is that
> customers who care about security and integrity must apply the hyper
> integrity PTFs.
>
> Ed Fishel,
> IBM Rochester
>

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.