Fixes are available
APAR status
Closed as program error.
Error description
The customer uses the PCOM emulator via the Remote Desktop connection. Env: Local PC Windows7 Remote PC Windows7 Pcom 6.0.17 The customer found the "C:\temp\pcsnp_init.log" file with Remote PC. This file included the Plain Text Password. Is there the any way not to generate this file?
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Users connecting remotely to systems where IBM Personal * * Communications is installed. * **************************************************************** * PROBLEM DESCRIPTION: * * When the user remotely logs into the computer which has PCOM * * installed then a potential security vulnerability is * * detected. * **************************************************************** * RECOMMENDATION: * **************************************************************** Security vulnerability bearing CVEID: CVE-2016-0321 was addressed in IBM Personal Communications v 12.0.0.1 and v6.0.17. Ref: http://www.ibm.com/support/docview.wss?uid=swg21981692 With this fix, another defect was noticed where a residual log file was left on the system, which was a potential security concern. This occurred only when a user remotely "accessed" / "reconnected to" a system which the user had already been logged in, where IBM Personal Communications was installed. However, the problem would not occur upon a "fresh logon" to a remote system.
Problem conclusion
Network Provider module of PCOM was found to be executed even when a user reconnected to a system remotely. Code changes were made to ensure that the network provider module (pcsnp.dll) is executed only upon a fresh logon to a Windows system. Fix scheduled for PCOM 12.0.2.0 and PCOM 6.0.19 Refresh Packs
Temporary fix
Comments
APAR Information
APAR number
IT18891
Reported component name
PCOMM COMBO-ENG
Reported component ID
5639I7000
Reported release
601
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-01-18
Closed date
2017-02-23
Last modified date
2018-11-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
PCSNP
Fix information
Fixed component name
PCOMM COMBO-ENG
Fixed component ID
5639I7000
Applicable component levels
R60G PSY
UP
RC00 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSEQ5Y","label":"Personal Communications"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
15 November 2018