Spotted this floating around on a security list;
(If you ignore the fact that you can only really infect yourself, by choosing 
to run the example CLP programs, then it's a nice piece of FUD...)


Backdoors in AS/400 emulations allow the server to attack connected PC 


Nowadays, when working with legacy AS/400 applications, most people use Telnet 
based terminal emulation programs, for example IBM Client Access.

The issue found is using these emulations in an unplanned manner with 
surprising results.


All PC based terminal emulation support a couple of legacy commands called 
STRPCO (Start PC Organizer) and STRPCCMD (Start PC command).

The STRPCO and STRPCCMD commands can be scripted inside AS/400 applications.

These commands accept as an input parameter a string, and attempt to execute 
this string as a command on the connected PC.

When the attempt succeeds, the command is executed under the identity of the PC 

As a result, a malicious AS/400 application can effectively execute an 
arbitrary set of commands on a connected PC.

This problem affects all AS/400 terminal emulations.

Moreover, the IBM supplied terminal emulation is often installed as part of the 
Client Access AS/400 connectivity suite, which by default installs a service 
that provides an rexec daemon on the affected PC. This rexec daemon can be 
activated via the previously mentioned STRPCCMD in a promiscous mode that does 
not require authentication, rendering the PC completely open to remote command 

For full details and sample code please read the following PDF file

Shalom Carmel

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.