× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2002

RE: BugTraq Exploit for OS/400

Yes, but with a true 5250 mentality, LMTCPB user cannot run the DSPLIB QSYS
command.  This sysreq gives them that command.

Yes this is considered a vulnerability.  For instance many shops create
user profiles with the following parameters:
CRTUSRPRF PASSWORD(*USRPRF) PWDEXP(*YES)
If I use the option 5 to display the objects in the library and then use
option "5=Display full attributes" I may find that the create and change
date are the same.  Let me try that user profile to hack in.  And maybe
that one has a higher clearance than the one I am using.

Not a huge hole because the user already has some access and maybe these
unused ones are not very high security people.

Rob Berendt
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
Benjamin Franklin



                    "Dan Bale"
                    <dbale@samsa.com>         To:     <midrange-l@midrange.com>
                    Sent by:                  cc:
                    midrange-l-admin@mi       Fax to:
                    drange.com                Subject:     RE: BugTraq Exploit 
for OS/400


                    02/25/2002 01:40 PM
                    Please respond to
                    midrange-l






Umm, this "vulnerability" is nothing new, TMK, every OS/400 vrm has this
"vulnerability".  Certainly, you don't need SysReq-3-13-5 to do that.  From
any command line:  DSPLIB QSYS.  Most menu-restricted users have access to
a
command line from Attn-F9 (Operational Assistant Menu).

Is knowledge of user ID's generally considered to be a "vulnerability"?
Why/how would this be considered a "configuration error"?

- Dan Bale

-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com]On Behalf Of Fritz Hayes
Sent: Monday, February 25, 2002 12:52 PM
To: MIDRANGE-L@midrange.com
Subject: BugTraq Exploit for OS/400


Bugtraq at SecurityFocus.com has reported (2/8/02) a vulnerability to
OS/400 saying with the right system request, the op sys will display all
active User accounts.  Check it out at:

http://online.securityfocus.com/bid/4059

They have classified the problem, IMHO, correctly as a configuration
error.

Interesting to note that this is the only reported Bugtraq for OS/400.

Best Regards

Fritz Hayes
Atwater Associates

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.