Lucene search

[email protected]CVE-2007-2063

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-2063

2007-04-1803:19:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-2063

ssh

tectia server

ibm z/os

security vulnerability

nvd

7 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

CPENameOperatorVersion
ssh:tectia_serverssh tectia serverle5.3.0
ssh:tectia_serverssh tectia servereq5.0
ssh:tectia_serverssh tectia servereq5.1.0
ssh:tectia_serverssh tectia servereq5.2.0

CPE	Name	Operator	Version
ssh:tectia_server	ssh tectia server	le	5.3.0
ssh:tectia_server	ssh tectia server	eq	5.0
ssh:tectia_server	ssh tectia server	eq	5.1.0
ssh:tectia_server	ssh tectia server	eq	5.2.0

References

osvdb.org/34998

secunia.com/advisories/24916

securitytracker.com/id?1017913

www.osvdb.org/35014

www.securityfocus.com/bid/23508

www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt

www.vupen.com/english/advisories/2007/1414

exchange.xforce.ibmcloud.com/vulnerabilities/33699

7 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2007-2063

prion1