Hughes, Jim - OIT wrote:
One of the management types near me is concerned about TCPIP "buffer overrun security exposure" on our ZVM 5.2 Z890 system.
Ask them which vendor's TCP/IP stack has this vulnerability they're asking about. Microsoft? Sun? HP?
I am not an expert with windows and linux tcpip security exposures. The management type is windows and linux fluent.
The key point is, the TCP/IP stack on VM does not come from the common code base in the Unix world. IBM (and the University of Wisconsin, many years ago) did not propagate old mistakes.
Should I be concerned with buffer overrun security exposures?
Are you up to date relatively on your TCP/IP service?
If I should not be concerned, how would I go about giving comfort to the concerned management types?
"Hey, I'm good. We're current on service from the vendor, and I keep aware of what my peers elsewhere are finding."