i5/OS and OS/400 TCP/IP Vulnerability Surfaces
July 16, 2007 Timothy Prickett Morgan
The U.S. Department of Homeland Security may not be able to fill thousands of posts in its organization, but the department’s National Cyber Security Division is on top of things. Last week, the National Vulnerability Database maintained by the DHS division reported that there is a vulnerability in several OS/400 and i5/OS releases relating to the TCP/IP stack.
According to the report, which you can read here, OS/400 V4R2 through OS/400 V5R3 have a vulnerability in their TCP/IP stack: when the stack is pinged with TCP SYN-FIN combinations, it responds, which potentially opens up the machine to remote viewing of system information by hackers and possibly even allows them to bypass firewall rules to gain access to the machine. Authentication on the system is not required to make use of this exploit, and it can obviously be exploited over network connections.
The current release of the iSeries and System i operating system, i5/OS V5R4, was not cited as being susceptible to this vulnerability.
IBM not only was aware of the problem, but has issued a PTF patch for OS/400 V5R2 and V5R3. You can see IBM’s statement about the vulnerability and find out what PTFs to download here. If you are on earlier releases of OS/400, it is unclear what your options are. Upgrading to OS/400 V5R2 or V5R3 is probably a good idea, and trying to get onto a machine that supports i5/OS V5R4 is probably an even better idea, particularly if your iSeries or System i machine is on the Web.
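For shops that want to see whether the SYN-FIN combinations described above are reaching their network, the check can be run over captured traffic. The following Python is an added example, not code from the report or from IBM; it parses raw IPv4/TCP headers and reports segments with both SYN and FIN set. The function names, addresses, and sample packets are constructed for illustration.

```python
import socket
import struct

FIN, SYN = 0x01, 0x02  # TCP flag bits

def parse_tcp(packet: bytes):
    """Return (src, dst, dport, flags) for an unfragmented IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:  # IPv4, protocol 6 = TCP
        return None
    ihl = (packet[0] & 0x0F) * 4                        # IP header length in bytes
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 14:
        return None                                     # later fragment or truncated TCP header
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, dport, packet[ihl + 13]            # byte 13 of the TCP header holds the flags

def find_syn_fin(packets):
    """Return (src, dst, dport) for every segment with SYN and FIN both set."""
    hits = []
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed and (parsed[3] & (SYN | FIN)) == (SYN | FIN):
            hits.append(parsed[:3])
    return hits

def build_packet(src, dst, dport, flags):
    """Build a constructed sample packet in memory (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

# Constructed samples; addresses come from the documentation ranges.
SAMPLES = [
    build_packet("192.0.2.10", "198.51.100.5", 23, SYN),               # plain SYN
    build_packet("192.0.2.66", "198.51.100.5", 23, SYN | FIN),         # SYN and FIN together
    build_packet("192.0.2.10", "198.51.100.5", 23, FIN | 0x10),        # FIN+ACK close
    build_packet("192.0.2.66", "198.51.100.5", 80, SYN | FIN | 0x08),  # SYN+FIN plus PSH
]

if __name__ == "__main__":
    for src, dst, dport in find_syn_fin(SAMPLES):
        print(f"SYN+FIN segment from {src} to {dst}:{dport}")
```

The same flag test can be applied at a border filter in front of releases for which no PTF is listed.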