


(a little late to the discussion)

I find it "good" that BugTraq published an OS/400
problem. We want sites like cert.org, sans.org
and bugtraq to recognize that security warnings
should include the iSeries. When the snmp problem
hit cert.org a few weeks ago, IBM only responded
for the AIX os. We were left in the dark for many days
(and in case you never heard, Rochester will be issuing ptfs to
fix some snmp problems in OS400).
We keep harping that iSeries can be a major player
in the computing world. Well, the rest of the world
sees the listing of all the user accounts on a system
as a bug! And this ain't the only one.
btw - this is IBM's statement on CERT for snmp:
To remain consistent with IBM's standing agreement with our customers who
use zOS and OS/400, IBM asks that these customers contact IBM Service for
information regarding this vulnerability.
<opinion> it shouldn't take a service call to find out!
jim

----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <MIDRANGE-L@midrange.com>
Sent: Monday, February 25, 2002 12:51 PM
Subject: BugTraq Exploit for OS/400


> Bugtraq at SecurityFocus.com has reported (2/8/02) a vulnerability to
> OS/400 saying with the right system request, the op sys will display all
> active User accounts.  Check it out at:
>
> http://online.securityfocus.com/bid/4059
>
> They have classified the problem, IMHO, correctly as a configuration
> error.
>
> Interesting to note that this is the only reported Bugtraq for OS/400.
>
> Best Regards
>
> Fritz Hayes
> Atwater Associates




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.