Vulnerability Description
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SSH | Tectia Server | <= 5.3.0 |
References
- http://osvdb.org/34998
- http://secunia.com/advisories/24916 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1017913
- http://www.osvdb.org/35014
- http://www.securityfocus.com/bid/23508
- http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt
- http://www.vupen.com/english/advisories/2007/1414 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33699
FAQ
What is CVE-2007-2063?
CVE-2007-2063 is a vulnerability with a CVSS score of 4.4 (MEDIUM). SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_...
How severe is CVE-2007-2063?
CVE-2007-2063 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2063?
Check the references section above for vendor advisories and patch information. Affected products include: SSH Tectia Server.