Re: OSA Express, ZVM TCPIP, and Security

2006-07-20 Thread Richard Troth
Ackerman [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 07/20/2006 01:40 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Alan Ackerman [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Re: OSA Express, ZVM TCPIP

Re: OSA Express, ZVM TCPIP, and Security

2006-07-20 Thread Alan Altmark
On Thursday, 07/20/2006 at 12:40 EST, Alan Ackerman [EMAIL PROTECTED] wrote: To the extent that large parts of the VM TCP/IP stack are written in C, the exposure exists. I'm sure that IBM is well aware of this, and I hope they have found and plugged all such holes, but there can be no

Re: OSA Express, ZVM TCPIP, and Security

2006-07-19 Thread Alan Ackerman
ET (Eric Thomas, the author of the Revised LISTSERV) told me on VMSHARE m any, many years ago that the underlying cause of most buffer overruns is the C language. The basic concept of moving characters until you find a x'00' (or CR or LF) will ALWAYS lead to buffe r overruns. (A number of the

Re: OSA Express, ZVM TCPIP, and Security

2006-07-06 Thread Schuh, Richard
, 2006 5:11 PM To: IBMVM@LISTSERV.UARK.EDU Subject:Re: OSA Express, ZVM TCPIP, and Security What's wrong with the truth? Mainframe code was written by professionals in an architecture that doesn't support such nonsense? From: Rob van der Heij [EMAIL PROTECTED] On 7/6/06, Schuh

Re: OSA Express, ZVM TCPIP, and Security

2006-07-06 Thread Dave Wade
--- Hughes, Jim - OIT [EMAIL PROTECTED] wrote: One of the management types near me is concerned about TCPIP buffer overrun security exposure on our ZVM 5.2 Z890 system. I am not an expert with windows and linux tcpip security exposures. The management type is windows and linux fluent.

Re: OSA Express, ZVM TCPIP, and Security

2006-07-06 Thread Alan Altmark
On Thursday, 07/06/2006 at 04:21 MST, Dave Wade [EMAIL PROTECTED] wrote: --- Hughes, Jim - OIT [EMAIL PROTECTED] wrote: Should I be concerned with buffer overrun security exposures? Despite what others say I personally have seen buffer run security exposures in the VSCS SNA console

Re: OSA Express, ZVM TCPIP, and Security

2006-07-05 Thread David Boyes
One of the management types near me is concerned about TCPIP buffer overrun security exposure on our ZVM 5.2 Z890 system. Should I be concerned with buffer overrun security exposures? If I should not be concerned, how would I go about giving comfort to the concerned management types? 1) The

Re: OSA Express, ZVM TCPIP, and Security

2006-07-05 Thread Rich Greenberg
On: Wed, Jul 05, 2006 at 04:15:04PM -0400,David Boyes Wrote: } One of the management types near me is concerned about TCPIP buffer } overrun security exposure on our ZVM 5.2 Z890 system. } Should I be concerned with buffer overrun security exposures? If I } should not be concerned, how would

Re: OSA Express, ZVM TCPIP, and Security

2006-07-05 Thread Schuh, Richard
Subject:Re: OSA Express, ZVM TCPIP, and Security On: Wed, Jul 05, 2006 at 04:15:04PM -0400,David Boyes Wrote: } One of the management types near me is concerned about TCPIP buffer } overrun security exposure on our ZVM 5.2 Z890 system. } Should I be concerned with buffer overrun security