|
|
| |
| A security vulnerability in IBM AS/400's Firewall allows a remote attacker to launch a Denial of Service against it, effectively shutting down all network access. |
| |
Credit:
The information has been provided by Luc VIVIER.
|
| |
The Attack:
From the secure side of the Firewall, a telnet to port 80 (if proxy is used) or 2001 (Web administration) can cause a crash of the application firewall by typing GET and pressing enter.
There is no circumvention; administrators will have to shutdown and restart the application.
Information about this APAR (SA90544):
http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/ 5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Vendor Response:
This problem is being closed as a permanent restriction because:
1. The problem has existed for a very long time and has only recently been discovered.
2. The problem can only be caused by someone behind the Firewall.
3. The AS/400 Firewall product is near end of life.
|
|
|
|
|
|
|
|
