CVE-2007-2063

Name of the Vulnerable Software and Affected Versions SSH Tectia Server for IBM z/OS versions prior to 5.4.0

Description The issue concerns insecure world-writable permissions. Specifically, it involves (1) the server pid file, which allows local users to cause arbitrary processes to be stopped. Additionally, when the BPX BATCH UMASK environment variable is missing, the software creates HFS files with insecure permissions. This allows local users to read or modify these files, potentially having other unknown impacts.

Recommendations For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider setting appropriate permissions for the server pid file and ensuring the BPX BATCH UMASK environment variable is properly set to prevent insecure HFS file creation. Restrict access to the server pid file and HFS files to minimize the risk of exploitation.