Lucene search

PRIOn knowledge basePRION:CVE-2007-2063

HistoryApr 18, 2007 - 3:19 a.m.

Design/Logic Flaw

2007-04-1803:19:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

CPENameOperatorVersion
tectia_serverle5.3.0
tectia_servereq5.0 ibm-zos
tectia_servereq5.1.0 ibm-zos
tectia_servereq5.2.0 ibm-zos

Name	Operator	Version
tectia_server	le	5.3.0
tectia_server	eq	5.0 ibm-zos
tectia_server	eq	5.1.0 ibm-zos
tectia_server	eq	5.2.0 ibm-zos

References

osvdb.org/34998

secunia.com/advisories/24916

securitytracker.com/id?1017913

www.osvdb.org/35014

www.securityfocus.com/bid/23508

www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt

www.vupen.com/english/advisories/2007/1414

exchange.xforce.ibmcloud.com/vulnerabilities/33699

6.8 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2007-2063

cve1