Another i5/OS-i Security Vulnerability Surfaces
June 16, 2008 Timothy Prickett Morgan
You have to work pretty hard to find a security vulnerability in the OS/400, i5/OS, and i operating systems, and according to a posting from computer security research and development company Secunia last week, to find the latest one, you have to look in a very unlikely place: the system modem.
According to a Secunia advisory published last week, there is a security vulnerability in an operating system module named BrSmRcvAndCheck that can apparently be exploited to cause a buffer overflow when running diagnostics on the modem port. Secunia rated this as a “less critical” patch when it issued its report on June 11 regarding the vulnerability, and said further that it would have an “unknown impact.” Which presumably means precisely what it says: that IBM has not been clear about the impact.
The important thing, according to an IBM update on the matter, is that the flaw has been patched. In that report, IBM said that a task halt during IPL exploiting this vulnerability could cause a buffer overflow during the modem diagnostics, which in turn causes an error that then forces a main memory dump. IBM says that it has tweaked the microcode in the i5/OS and i platforms that are affected by this vulnerability, which include i5/OS V5R4 and V5R4M5 and the new i 6.1. Get your PTFs handy.