Subject Vulnerabilities in VM/CMS and VM/CMS ESA Date 31-Aug-93
6df509fdf8339bab03d5f6359f460b73988a7628be04a992b5c76ac7fcc560cb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : CERT-NL (Rene Ritzen) Index : S-93-17
Distribution : World Page : 1
Classification: External Version: Final
Subject : Vulnerabilities in VM/CMS and VM/CMS ESA Date : 31-Aug-93
==============================================================================
CERT-NL has received information concerning a vulnerability in the DMSDDL
command (NETDATA command after release 5).
This vulnerability affects release 4 through 8 of IBM's VM/CMS and VM/CMS ESA
operating systems.
CERT-NL recommends to any sites running CMS versions 4 through 8 to
immediately take corrective action.
This vulnaribility is fixed by IBM. Fixes can be obtained by contacting your
local IBM Software Service Representative. Customers using VM/CMS SP5 or SP6
should reference Authorized Program Analysis Report (APAR) number VM54148.
Customers using VM/CMS ESA should reference APAR number VM54760.
Program Trouble Fixes (PTFs) which correct the problem for the respective
release can be requested in this way.
- ---------------------------------------------------------------------------
I. Description
Under certain circumstances the command:
DMSDDL RECEIVE TEMPFILE CMSUT1 D1
is a serious vulnerability.
It allows anyone to replace any file with a self-specified filename on
the minidisk of the "service machines", which are accepting files from the
spool.
Note: the DMSDDL command was renamed to NETDATA with CMS release 6, but
the problem must be reported for CMS release 5 so that it can be
sysrouted to all versions of CMS. The problem has been observed on all
versions of CMS from 4 to 8.
II. Impact
This vulnaribility makes it possible to corrupt critical files
III. Solution
Obtain and install the PTFs mentioned above
- ---------------------------------------------------------------------------
CERT-NL wishes to thank part of the EARN-NOG (Network Operations Group) for
informing us of these vulnerabilities.
CERT-NL wishes to thank Tom Russell and Julie L. Craft from IBM for their
response to this problem.
- ----------------------------------------------------------------------------
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOL6WBzSYjBqwfc9jEQL9QQCfcTp7NxREzG3v/kPAJk2MIweVtV0AoNhL
FJX6unNMU/2nmjcjaVwXFBNx
=LxXG
-----END PGP SIGNATURE-----