Lucene search

[email protected]CVE-2005-0868

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0868

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

108

cve-2005-0868

as/400

telnet

terminal emulation

ibm client access

bosanova

powerterm

mochasoft

strpco

strpccmd

rexec

nvd

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

CPENameOperatorVersion
mochasoft:tn5250mochasoft tn5250eq*
powerterm:interconnectpowerterm interconnecteq*
ibm:client_accessibm client accesseq*
bosanova:launcher400bosanova launcher400eq*

CPE	Name	Operator	Version
mochasoft:tn5250	mochasoft tn5250	eq	*
powerterm:interconnect	powerterm interconnect	eq	*
ibm:client_access	ibm client access	eq	*
bosanova:launcher400	bosanova launcher400	eq	*

References

marc.info/?l=bugtraq&m=111160242803070&w=2

www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2005-0868

cbl_mariner1