CVE-2007-2063
NONE EPSS 21.9%
Published Apr 18, 200719y ago · Modified Jun 16, 20262w ago
Published Apr 18, 2007 19y ago
Last Modified Jun 16, 2026 2w ago
Description
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
Threat Intelligence
EPSS Exploit Probability
21.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 4
References 8
- osvdb.org http://osvdb.org/34998
- secunia.com http://secunia.com/advisories/24916
- securitytracker.com http://securitytracker.com/id?1017913
- osvdb.org http://www.osvdb.org/35014
- securityfocus.com http://www.securityfocus.com/bid/23508
- ssh.com http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt
- vupen.com http://www.vupen.com/english/advisories/2007/1414
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/33699
Remediation
- secunia.com http://secunia.com/advisories/24916