  • i5/OS and OS/400 TCP/IP Vulnerability Surfaces

    July 16, 2007 Timothy Prickett Morgan

    The U.S. Department of Homeland Security may not be able to fill thousands of posts in its organization, but the department’s National Cyber Security Division is on top of things. Last week, the National Vulnerability Database maintained by the DHS division reported that there is a vulnerability in several OS/400 and i5/OS releases relating to the TCP/IP stack.

    According to the report, which you can read here, OS/400 V4R2 through OS/400 V5R3 have a vulnerability in their TCP/IP stack: when the stack is pinged with TCP SYN-FIN combinations, it responds, which potentially opens up the machine to remote viewing of system information by hackers and possibly even allows them to bypass firewall rules to gain access to the machine. Authentication on the system is not required to make use of this exploit, and it can obviously be exploited over network connections.

    The current release of the iSeries and System i operating system, i5/OS V5R4, was not cited as being susceptible to this vulnerability.

    IBM was not only aware of the problem, but has issued a PTF patch for OS/400 V5R2 and V5R3. You can see IBM’s statement about the vulnerability and find out what PTFs to download here. If you are on earlier releases of OS/400, it is unclear what your options are. Upgrading to OS/400 V5R2 or V5R3 is probably a good idea, and trying to get onto a machine that supports i5/OS V5R4 is probably an even better idea, particularly if your iSeries or System i machine is on the Web.
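
For administrators who want to see whether segments with the SYN-FIN combination described above are reaching their machines, here is a detection sketch. It is an added example, not code from IBM, the NVD report, or this article; the function names, ports, and sample segments are all constructed for illustration.

```python
import struct

# TCP control bits in the low 6 bits of header bytes 12-13 (RFC 793).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    if (off_flags >> 12) < 5:  # data offset is counted in 32-bit words
        raise ValueError("invalid data offset")
    return sport, dport, off_flags & 0x3F

def flag_names(flags: int):
    return [name for name, bit in FLAG_BITS.items() if flags & bit]

def is_syn_fin(flags: int) -> bool:
    """True when SYN and FIN are both set, whatever else is set."""
    both = FLAG_BITS["SYN"] | FLAG_BITS["FIN"]
    return (flags & both) == both

def find_syn_fin(segments):
    """Scan raw segments; return (index, src_port, dst_port, names) per hit."""
    hits = []
    for i, seg in enumerate(segments):
        try:
            sport, dport, flags = parse_tcp_header(seg)
        except ValueError:
            continue  # malformed headers are a separate finding, skipped here
        if is_syn_fin(flags):
            hits.append((i, sport, dport, flag_names(flags)))
    return hits

def build_segment(sport, dport, flags):
    """Constructed sample header (offset 5, zero seq/ack/checksum), demo only."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)

# Constructed sample traffic: SYN, SYN+ACK, FIN+ACK, then two SYN-FIN variants.
SAMPLE = [
    build_segment(40000, 23, 0x02),
    build_segment(23, 40000, 0x12),
    build_segment(40000, 23, 0x11),
    build_segment(40001, 23, 0x03),
    build_segment(40002, 80, 0x13),
]

if __name__ == "__main__":
    for idx, sport, dport, names in find_syn_fin(SAMPLE):
        print(f"segment {idx}: {sport} -> {dport} flags={'+'.join(names)}")
```

No legitimate connection sets SYN and FIN in the same segment, so any hit is worth investigating, and a packet filter in front of unpatched releases can drop on the same test.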



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: mtfh_rc, Volume 16, Number 27 -- July 16, 2007

    Copyright © 2025 IT Jungle