10 matches found
EUVD-2007-2058
Malware in sbrugna...
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...
Continuous Security Hardening and Monitoring for IBM® z/OS® Mainframes and Databases Using Qualys Policy Compliance
Mainframes are a key infrastructure component for many enterprises worldwide. Arguably the most secure, reliable, and efficient computing platform, mainframes hold some 70% of the worlds business-critical data. Even though they are highly secure and resilient, it’s a common misconception that...
CVE-2008-5161
Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...
PT-2008-1137
Name of the Vulnerable Software and Affected Versions SSH Tectia Client and Server and Connector versions 4.0 through 4.4.11 SSH Tectia Client and Server and Connector versions 5.0 through 5.2.4 SSH Tectia Client and Server and Connector versions 5.3 through 5.3.8 SSH Tectia Client and Server and...
CVE-2007-2063
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
Design/Logic Flaw
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
CVE-2007-2063
SSH Tectia Server for IBM z/OS is affected up to version 5.3.x; prior releases, before 5.4.0, use insecure world-writable permissions for (1) the server pid file, enabling local users to stop arbitrary processes, and (2) when _BPX_BATCH_UMASK is missing, HFS files with insecure permissions, allow...
CVE-2007-2063
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for 1 the server pid file, which allows local users to cause arbitrary processes to be stopped, or 2 when BPXBATCHUMASK is missing from the environment, creates HFS files with insecure permissions, which allows...
SSH Tectia Server for IBM z/OS本地权限提升漏洞
SSH Tectia客户端/服务器解决方案是基于Secure Shell技术的多平台点到点通讯安全解决方案,SSH Tectia Server for IBM z/OS是其中的一个产品模块。 SSH Tectia Server安装文件时设置了不安全的访问权限,本地攻击者可能利用此漏洞提升自己的权限。 SSH Tectia Server for IBM z/OS以完全可写的权限创建文件和目录,因此本地用户可以删除、控制或替换某些文件,获得权限提升。 SSH Communications Security SSH Tectia Server for IBM z/OS 5.4.0...