4.4

CVE-2007-2063

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SshTectia Server Editionibm_zos Version <= 5.3.0
SshTectia Server Version5.0 Editionibm_zos
SshTectia Server Version5.1.0 Editionibm_zos
SshTectia Server Version5.2.0 Editionibm_zos
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.216
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/34998
http://secunia.com/advisories/24916
Patch
Vendor Advisory
http://securitytracker.com/id?1017913
http://www.osvdb.org/35014
http://www.securityfocus.com/bid/23508
http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt
http://www.vupen.com/english/advisories/2007/1414
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33699