Re: Recent bugtraq postings

[Vernon Hamberg <vhamberg@xxxxxxxxxxx>]

Is there a ? in the upper-right hand corner of the window? Click it, then 
click on the option you are interested in. A tooltip window will appear 
with quite a bit of explanatory text.

For more info, InfoCenter will not have much. You need to go to the Client 
(iSeries) Access site

www.iseries.ibm.com/access

None of this is on InfoCenter.

HTH
Vern

At 08:15 AM 4/26/2005, you wrote:

> Since we are talking so much about CA Incoming Remote Cmd, could
> someone explain the options for this in the Client Access Properties.
> I searched the Info Center and could not find an explain.
> My CA Express V5R2 has following check box options related to remote cmd on
> the pc client:
> Security Options:
>     Run as system
>     Cache security
>     Allow generic security
>     Generic security runs command as logged on user
>
> jim
> ----- Original Message -----
> From: "Wilt, Charles" <CWilt@xxxxxxxxxxxx>
> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> Sent: Tuesday, April 26, 2005 7:59 AM
> Subject: RE: Recent bugtraq postings
>
>
> > > -----Original Message-----
> > > From: midrange-l-bounces@xxxxxxxxxxxx
> > > [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Shalom Carmel
> > > Sent: Monday, April 25, 2005 6:11 PM
> > > To: midrange-l@xxxxxxxxxxxx
> > > Subject: Re: Recent bugtraq postings
> > >
> > >
> > > About STRPCCMD:
> > > CA is not the only emulation that supports this command.
> > > There are at least 3 more emulations by different vendors
> > > that can be used
> > > in a similar manner: Bosanova, PowerTerm, and Mochasoft.
> > > Because the issue seems to be a generic iSeries 5250
> > > emulation feature, and
> > > because it works only in conjecture with an iSeries server,
> > > in my opinion it is an iSeries issue, even though it affects
> > > the iSeries
> > > client and not the server.
> > >
> >
> > No.  That would be like saying every OS with an available REXEC client has
> a vulnerability.  It's not the REXEC client that could be a problem; it is
> running a REXEC server.
> >
> > >From the iSeries side STRPCCMD can be quite easily controlled using the
> built in object level security.  Thus, in a corporate environment this
> "vulnerability" is not an issue.
> >
> > It is however an issue in a non-corporate environment where a person is
> using CA or one of the other emulators with this feature to connect to time
> share systems or systems on a consulting basis.
> >
> >
> > Charles Wilt
> > iSeries Systems Administrator / Developer
> > Mitsubishi Electric Automotive America
> > ph: 513-573-4343
> > fax: 513-398-1121
> >
> >
> > --
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> > To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> > or email: MIDRANGE-L-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.
> >
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.