PK75832: UCM-CQ ON LINUX/AIX: USER LOGIN CREDENTIALS IN PLAIN-TEXT BY PS -EF COMMAND
Closed as program error.
UCM-CQ on Linux/AIX: user login credentials in plain-text by ps -ef command

Was reproduced in house, on 18.104.22.168. Note the customer is on 7.0.1.1 iFix02.

Steps to repro:
1. So I brought up xclearcase on AIX.
2. During a 'checkout' I selected the 'new' button to create a new UCM baseActivity record.
3. At that point I saw the following process running (it shows the database username and password in cleartext).
4. The customer reproduced this with -cmd find (probably trying to search for all activities or something like that), so I'm sure there are more cases than just submit where we are passing this data.

Did this on both AIX and Linux. The in-house repro output is:

judyh 22598 27544 90 17:29:21 pts/2 0:01 /opt/rational/clearquest/aix4_power/bin/../../../common/java/jre/bin/java -cp /opt/rational/clearquest/rcp/plugins/com.ibm.rational.clearquest.ucm.rcp_7.0.0/ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine -cmd submit -m 7.0.0 -d judy -u judy -p cag -rec BaseCMActivity -return_id /tmp/tmp28807
A security vulnerability exists in ClearCase version 7.
A fix is available in ClearCase versions 22.214.171.124, 126.96.36.199, and 188.8.131.52.
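A check an administrator could run on a host that has not yet received the fix, as an added example that is not part of the APAR or IBM's code: it scans `ps -ef` output for UCMCmdLine processes that carry a `-p` value and reports them with the secret masked. The class name and the `-u`/`-p` flags are taken from the process line in the report above; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Reads `ps -ef` style lines on stdin and reports
# UCMCmdLine processes whose arguments include a -p value.
# Output per hit: <os-user> <pid> <db-user> <arguments with -p value masked>
# Live use: ps -ef | find_exposed_ucm_logins
find_exposed_ucm_logins() {
    awk -v cls="com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine" '
    index($0, cls) {
        seen = 0; hit = 0; prev = ""; dbuser = "?"; args = ""
        for (i = 1; i <= NF; i++) {
            # Skip the ps columns and JVM options up to the class name,
            # so a two-word STIME such as "Mar 05" cannot shift the parse.
            if (!seen) { if ($i == cls) seen = 1; continue }
            tok = $i
            if (prev == "-p") { tok = "<redacted>"; hit = 1 }
            else if (prev == "-u") { dbuser = $i }
            args = args " " tok
            prev = $i
        }
        if (hit) print $1, $2, dbuser args
    }'
}

# Constructed sample input (users, PIDs, paths and the secret are made up).
# Line 3 is an unrelated Java process whose -p is a port, and must not match.
sample_ps_output() {
cat <<'EOF'
root      1201     1   0 09:14:02      -  0:00 /usr/sbin/sshd
alice     4242  4100   3 17:29:21  pts/2  0:01 /opt/rational/common/java/jre/bin/java -cp ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine -cmd submit -d SAMPL -u cqdbuser -p EXAMPLE-SECRET -rec BaseCMActivity
bob       5150  4100   0   Mar 05  pts/3  0:00 /usr/bin/java -cp tool.jar example.Server -p 8080
EOF
}

sample_ps_output | find_exposed_ucm_logins
```

Any account reported by the scan has had its database password readable by every local user for the lifetime of that process, so the password should be rotated once the fix is installed.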