AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

IBM Client Application Access and Notes Elevation of Privilege Vulnerability (CNVD-2018-03879)

IBM Client Application Access and IBM Notes are both products of IBM Corporation in the U.S. IBM Client Application Access is a set of tools for accessing local applications.IBM Notes is a set of collaborative office software. An elevation of privilege vulnerability exists in IBM Client Applicati...

CVE-2005-0868

CVE-2005-0868 affects AS/400 Telnet 5250 terminal emulation clients, including IBM client access, Bosanova, PowerTerm, Mochasoft (and possibly others). The root issue allows a malicious AS/400 server to execute arbitrary commands by sending a STRPCO (Start PC Organizer) command followed by STRPCC...

CVE-2005-0868

AS/400 Telnet 5250 terminal emulation clients, as implemented by 1 IBM client access, 2 Bosanova, 3 PowerTerm, 4 Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO Start PC Organizer command followed by STRPCCMD Start PC command, a...