S-93-17.asc

Posted Jan 10, 2000

Subject Vulnerabilities in VM/CMS and VM/CMS ESA Date 31-Aug-93

tags | vulnerability
SHA-256 | 6df509fdf8339bab03d5f6359f460b73988a7628be04a992b5c76ac7fcc560cb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : CERT-NL (Rene Ritzen)                      Index  : S-93-17
Distribution  : World                                      Page   : 1
Classification: External                                   Version: Final
Subject       : Vulnerabilities in VM/CMS and VM/CMS ESA   Date   : 31-Aug-93
==============================================================================


CERT-NL has received information concerning a vulnerability in the DMSDDL
command (NETDATA command after release 5).
This vulnerability affects releases 4 through 8 of IBM's VM/CMS and VM/CMS ESA
operating systems.
CERT-NL recommends that any sites running CMS versions 4 through 8
take corrective action immediately.
This vulnerability has been fixed by IBM. Fixes can be obtained by contacting
your local IBM Software Service Representative. Customers using VM/CMS SP5 or
SP6 should reference Authorized Program Analysis Report (APAR) number VM54148.
Customers using VM/CMS ESA should reference APAR number VM54760.
Program Trouble Fixes (PTFs) which correct the problem for the respective
release can be requested in this way.

- ---------------------------------------------------------------------------

I. Description

Under certain circumstances the command:

    DMSDDL RECEIVE TEMPFILE CMSUT1 D1

is a serious vulnerability.
It allows anyone to replace any file, using a filename they specify
themselves, on the minidisk of the "service machines" that accept files from
the spool.

Note: the DMSDDL command was renamed to NETDATA with CMS release 6, but
the problem must be reported for CMS release 5 so that it can be
sysrouted to all versions of CMS. The problem has been observed on all
versions of CMS from 4 to 8.

II. Impact

This vulnerability makes it possible to corrupt critical files.

III. Solution

Obtain and install the PTFs mentioned above.

- ---------------------------------------------------------------------------
CERT-NL wishes to thank part of the EARN-NOG (Network Operations Group) for
informing us of these vulnerabilities.

CERT-NL wishes to thank Tom Russell and Julie L. Craft from IBM for their
response to this problem.
- ----------------------------------------------------------------------------

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA UTRECHT
           The Netherlands

EMERGENCIES : 06 22 92 35 64 ALWAYS REACHABLE
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6WBzSYjBqwfc9jEQL9QQCfcTp7NxREzG3v/kPAJk2MIweVtV0AoNhL
FJX6unNMU/2nmjcjaVwXFBNx
=LxXG
-----END PGP SIGNATURE-----