APAR status
Closed as program error.
Error description
The FTP server is vulnerable to an FTP bounce attack, which allows a user to use the FTP server to port scan another server via the PORT command.
Local fix
Problem summary
The FTP server had a vulnerability that allowed a foreign server to scan for open ports on a remote host (FTP bounce).
Problem conclusion
Restrict the PORT command so that it performs requests only to the connected IP address.
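One way to implement the restriction described above, as an added example that is not IBM's FTPCMD code: the PORT argument is parsed strictly and refused unless its address equals the peer address of the control connection. The function names, the reply texts and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress


def parse_port_argument(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port).

    Raises ValueError on anything that is not six decimal fields in 0-255.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    values = []
    for field in fields:
        # ASCII digits only: no sign, no whitespace, no Unicode digits.
        if not (field.isascii() and field.isdigit() and len(field) <= 3):
            raise ValueError("non-numeric field in PORT argument")
        number = int(field)
        if number > 255:
            raise ValueError("PORT field out of range")
        values.append(number)
    host = ipaddress.IPv4Address(bytes(values[:4]))
    port = values[4] * 256 + values[5]
    if port == 0:
        raise ValueError("port 0 is not a valid data port")
    return host, port


def handle_port(arg, control_peer_ip):
    """Decide whether a PORT request may be honoured.

    control_peer_ip is the address of the client on the control connection
    (in a socket server: control_socket.getpeername()[0]).
    Returns (reply_code, reply_text, target); target is None when refused.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, "Syntax error in PORT argument: %s" % exc, None
    # The fix: the data connection may only go back to the connected client,
    # so the server cannot be pointed at a third host.
    if host != ipaddress.IPv4Address(control_peer_ip):
        return 500, "Illegal PORT command", None
    return 200, "PORT command successful", (str(host), port)


if __name__ == "__main__":
    # Constructed sample requests from a client connected from 192.0.2.10.
    for sample in ("192,0,2,10,19,137", "198,51,100,7,0,22", "192,0,2,10,19"):
        print(sample, "->", handle_port(sample, "192.0.2.10"))
```

Logging each refused request together with the control connection's peer address gives operators a record of bounce attempts.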
Temporary fix
Comments
APAR Information
APAR number
IO21944
Reported component name
IBM 4690 OS V6
Reported component ID
5639P7000
Reported release
301
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-08-25
Closed date
2014-09-11
Last modified date
2014-09-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
FTPCMD
Fix information
Fixed component name
IBM 4690 OS V6
Fixed component ID
5639P7000
Applicable component levels
R301 PSY
UP
Document Information
Modified date:
11 September 2014