IC90788: (SEAS) PEN TEST: H-001 OS COMMAND EXECUTION VIA COMMAND LINE ADAPTER

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • H-001 OS Command Execution via Command Line Adapter
    Restrict Access to Executing Commands
    

Local fix

  • STRRTC - 367240
    DE/RJ
    Circumvention:
    Update to latest SEAS Build
    

Problem summary

  •  SEAS allows the administrator to configure an OS command to be
    run as part of the authentication process. A malicious internal
    user who has access to the application and who has
    administration privileges could configure the system to issue
    arbitrary Operating System commands, which could affect the
    confidentiality, integrity and availability of the system.
    Support has no record of any Customer using this feature.
    

Problem conclusion

  • Removed the option to configure an OS command to be run as part
    of the authentication process.
    

Temporary fix

  • Removed the option from the SEAS screens to run an OS command.
    

Comments

  • Fix included in SEAS3412 iFix2.
    

APAR Information

  • APAR number

    IC90788

  • Reported component name

    STR SECURE PROX

  • Reported component ID

    5725D0300

  • Reported release

    341

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-03-12

  • Closed date

    2013-05-01

  • Last modified date

    2013-05-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR SECURE PROX

  • Fixed component ID

    5725D0300

Applicable component levels

  • R341 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Sterling Secure Proxy

Software version:

341

Reference #:

IC90788

Modified date:

2013-05-01

Translate my page

Machine Translation

Content navigation