copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2013.0323 - [z/OS] IBM Rational Developer: Execu...
 

ESB-2013.0323 - [z/OS] IBM Rational Developer: Execute arbitrary code/commands - Remote/unauthenticated
Date: 05 March 2013

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0323
   V8.5.1: UK91676 PTF for Rational Developer for System z Host Options
                               5 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Developer
Publisher:         IBM
Operating System:  z/OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg24034401

- --------------------------BEGIN INCLUDED TEXT--------------------

V8.5.1: UK91676 PTF for Rational Developer for System z Host Options

Document information

Rational Developer for System z

Software version:
8.5.1

Operating system(s):
z/OS

Reference #:
4034401

Modified date:
2013-02-22

Abstract

Fix for IBM Rational Developer for System z 8.5.1 Host Options, FMID HHOP850

Download Description

PTF UK91676 fixes a vulnerability in IBM Rational Developer for System z which 
could allow remote attackers to execute arbitrary commands via unknown vectors 
(APAR PM81945).

Supporting Documentation

Document			Description
Program Directory		Click to open the Program Directory.
Host Configuration Guide	Click to open the Host Configuration Guide.
Information Center		Click to review the information center.
Client component		Click to review the download information for the
				Rational Developer for System z client component.

Installation Instructions

1. Download and extract ibm.hhop850.uk91676.zip from Fix Central
2. Follow the instructions provided in ibm.hhop850.uk91676.instructions.html

URL			LANGUAGE		SIZE(Bytes)
Install instructions	English			4742

Download package

Download	RELEASE DATE	LANGUAGE   SIZE(Bytes)	Download Options 
							What is Fix Central (FC)?
PTF UK91676	21 Feb 2013	English	   113053	FC

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUTWbF+4yVqjM2NGpAQI0VA//f29au/PhUUIAXyTMJlmESZ5NBRilaiTL
NgpSkKpVeOhHpy+R4GFNrAnNL+we6mcQEQBdrD01KlrPfTQm2ZCg5YswdWehl8Da
1dJoloo88rOD0Ca4AV+nLtPb0h4p/Q49lI+fhaeyoopqUSEaLvPxrnPdA7dcsBa3
Dc9EOL0e5v3j7yKd9Ss7XSRgeF6IULDndu/Te04GjysX7Pf4UJZ0PWu4/7IVbG0D
4QQZC+SdzjuFFUHk9xOd1VNq2unRvpryn/1LnUZUMUdkyccQbQ1Vx2Pf0D1u8SMm
0kvLWEph5as8uM8pOEhTRgSPV+s155lm7shgSj8wV0ZR6TDuyufqgWBnEQrP7Ta7
MBMCp/hnp2FTG8zNPujC8gYwRya0ax/qWJLcvK0RTEfTHQE2+CossIgmrWjHdgRJ
fodnNPKfQ0yyi4CIF+P9SkcjvD+yTl9oOGrvUFKX52GrSc22pc9+MZ+2bnl2YNfc
WEJRa7Q0J2d1LEf+iOLS7xctY/z7uEITH6Nfqx1VDX3ygA9t2G8da4HGU4X0JCF8
6heRod4l074FL0Zbcy1SVki9xoLPHiR3LaChMSoim2JBP8TNw4b9+qm0JeghAjQA
qgmbJkXJHT7aqWzE0QQl6NcBxtT9yoOm2PiPXRjKKMjdoPnKnOuMAW9q5F2agPA8
D3MC4WTFIBo=
=8v6n
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=17132