IBM ClientAccess Toolbar Execute Arbitrary Program

1998-04-01T00:00:00
ID OSVDB:3100
Type osvdb
Reporter OSVDB
Modified 1998-04-01T00:00:00

Description

Vulnerability Description

IBM ClientAccess has a flaw that permits a local user to execute any program on the machine, regardless of security policy or restrictions. The issue is due to the ClientAccess toolbar and a lack of policy enforcement, which lets any user choose "add item", specify the path to a program, and execute it.

Technical Description

The "Client Access Family" is now called "iSeries Access Family".

Solution Description

Upgrade to any version under the "iSeries Access" name, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

IBM ClientAccess has a flaw that permits a local user to execute any program on the machine, regardless of security policy or restrictions. The issue is due to the ClientAccess toolbar and a lack of policy enforcement, which lets any user choose "add item", specify the path to a program, and execute it.

References:

Mail List Post: http://archives.neohapsis.com/archives/ntbugtraq/1998/msg00097.html
Generic Informational URL: http://www-1.ibm.com/servers/eserver/iseries/access/