|
Umm, this "vulnerability" is nothing new, TMK, every OS/400 vrm has this "vulnerability". Certainly, you don't need SysReq-3-13-5 to do that. From any command line: DSPLIB QSYS. Most menu-restricted users have access to a command line from Attn-F9 (Operational Assistant Menu). Is knowledge of user ID's generally considered to be a "vulnerability"? Why/how would this be considered a "configuration error"? - Dan Bale -----Original Message----- From: midrange-l-admin@midrange.com [mailto:midrange-l-admin@midrange.com]On Behalf Of Fritz Hayes Sent: Monday, February 25, 2002 12:52 PM To: MIDRANGE-L@midrange.com Subject: BugTraq Exploit for OS/400 Bugtraq at SecurityFocus.com has reported (2/8/02) a vulnerability to OS/400 saying with the right system request, the op sys will display all active User accounts. Check it out at: http://online.securityfocus.com/bid/4059 They have classified the problem, IMHO, correctly as a configuration error. Interesting to note that this is the only reported Bugtraq for OS/400. Best Regards Fritz Hayes Atwater Associates
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.