|
(a little late to the discussion) I find it "good" that BugTraq published an Os/400 problem. We want sites like cert.org, sans.org and bugtraq to recognize that security warnings should include the iSeries. When the snmp problem hit cert.org a few weeks ago, IBM only responded for the AIX os. We were left in the dark for many days (and in case you never heard, Rochester will be issueing ptfs to fix some snmp problems in OS400). We keep harping that iSeries can be a major player in the computing world. Well, the rest of the world sees the listing of all the user accounts on a system as a bug! And this ain't the only one. btw - this is IBM's statement on CERT for snmp: To remain consistent with IBM's standing agreement with our customers who use zOS and OS/400, IBM asks that these customers contact IBM Service for information regarding this vulnerability. <opinion> it shouldn't take a service call to find out! jim ----- Original Message ----- From: "Fritz Hayes" <fhayes@spiritone.com> To: <MIDRANGE-L@midrange.com> Sent: Monday, February 25, 2002 12:51 PM Subject: BugTraq Exploit for OS/400 > Bugtraq at SecurityFocus.com has reported (2/8/02) a vulnerability to > OS/400 saying with the right system request, the op sys will display all > active User accounts. Check it out at: > > http://online.securityfocus.com/bid/4059 > > They have classified the problem, IMHO, correctly as a configuration > error. > > Interesting to note that this is the only reported Bugtraq for OS/400. > > Best Regards > > Fritz Hayes > Atwater Associates > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.