I had an auditor have a similar finding on a device console (can't remember if it was HMC, Shark, or what). I sent it to the IBM support center. There response was that the box, OS, and applications comprised a proprietary piece of equipment that had little customer configuration capability. Any changes could invalidate warranty and service contract of the PC and the associated hardware (processor, DASD, etc.). If a proven security issue was found, IBM would address it, but not the potential results of a scan.
Dennis Roach GHG Corporation Lockheed Martin Mission Services Facilities Design and Operations Contract Strategic Technical Engineering NASA/JSC Address: 2100 Space Park Drive LM-15-4BH Houston, Texas 77058 Mail: P.O. Box 58487 Mail Code H4C Houston, Texas 77258-8487 Phone: Voice: (281)336-5027 Cell: (713)591-1059 Fax: (281)336-5410 E-Mail: dennis.ro...@lmco.com All opinions expressed by me are mine and may not agree with my employer or any person, company, or thing, living or dead, on or near this or any other planet, moon, asteroid, or other spatial object, natural or manufactured, since the beginning of time. -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Ray Overby >> >> Todd Burrell wrote: >>> I got the following info from one of our security folks today about a > potential >>> security exposure with the HMC. Is it valid that the HMC has a RIP >>> listener >>> active, or could I potentially turn it off? Any info about this would be > helpful >>> so I can get the security scan group off my back. Here was the decription > of >>> the violation: >>> >>> Synopsis : >>> >>> Routing tables can be modified. >>> >>> Description : >>> >>> The remote RIP listener accepts routes that are not sent by a >>> neighbor. >>> >>> This cannot happen in the RIP protocol as defined by RFC2453, and >>> although the RFC is silent on this point, such routes should probably >>> be ignored. >>> >>> A remote attacker might use this flaw to access the local network if >>> it is not protected by a properly configured firewall, or to hijack >>> connections. >>> >>> Solution : >>> >>> Either disable the RIP listener if it is not used, use RIP-2 in >>> conjunction with authentication, or use another routing protocol. >>> >>> Risk Factor : >>> >>> High / CVSS Base Score : 7.5 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
