CVE - CVE-2007-2063

CVE-ID
CVE-2007-2063	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:23508 URL:http://www.securityfocus.com/bid/23508 CONFIRM:http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt OSVDB:34998 URL:~~http://osvdb.org/34998~~ (Obsolete source) OSVDB:35014 URL:~~http://www.osvdb.org/35014~~ (Obsolete source) SECTRACK:1017913 URL:http://securitytracker.com/id?1017913 SECUNIA:24916 URL:http://secunia.com/advisories/24916 VUPEN:ADV-2007-1414 URL:~~http://www.vupen.com/english/advisories/2007/1414~~ (Obsolete source) XF:ssh-tectia-pid-hfs-privilege-escalation(33699) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33699
Assigning CNA
MITRE Corporation
Date Record Created
20070417	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070417)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)