APAR status
Closed as program error.
Error description
UCM-CQ on Linux/AIX: user login credentials in plain-text by ps -ef command
Was Reproduced in house, on 7.0.1.2. Note the customer is on 7.0.1.1 iFix02
Steps to Repro:
1. So I brought up xclearcase on AIX
2. During a 'checkout' I selected the 'new' button to create a new UCM baseActivity record.
3. At that point I saw the following process running (it shows the database username and password in cleartext).
4. The customer reproduced this with -cmd find (probably trying to search for all activities or something like that).. so I'm sure there are more cases than just submit where we are passing this data.
Did this on both AIX and Linux.
The in house repro output is:
judyh 22598 27544 90 17:29:21 pts/2 0:01 /opt/rational/clearquest/aix4_power/bin/../../../common/java/jre/bin/java -cp /opt/rational/clearquest/rcp/plugins/com.ibm.rational.clearquest.ucm.rcp_7.0.0/ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine -cmd submit -m 7.0.0 -d judy -u judy -p cag -rec BaseCMActivity -return_id /tmp/tmp28807
Local fix
Problem summary
A security vulnerability exists in ClearCase version 7.
Problem conclusion
A fix is available in ClearCase versions 7.0.0.5, 7.0.1.4, and 7.1.0.1.
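The following check is an added example, not part of the APAR or of IBM's fix: it scans `ps -ef` output for UCMCmdLine invocations that carry `-p` on the command line, as in the repro output in the error description, and reports the process owner, PID and database user without echoing the password. The sample listing, its shortened paths and the `EXAMPLE-SECRET` values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Reads `ps -ef` output on stdin and reports
# UCMCmdLine processes whose argv carries "-p <password>".
# Output: "<owner> <pid> <db_user>"; the password itself is never printed.
find_exposed_ucm_creds() {
    awk '
    {
        seen = 0; hit = 0; dbuser = "?"
        for (i = 3; i <= NF; i++) {
            if ($i ~ /UCMCmdLine$/) { seen = 1; continue }
            if (!seen) continue          # skip JVM path and -cp before the class name
            if ($i == "-u" && i < NF) { dbuser = $(i + 1); i++; continue }
            if ($i == "-p" && i < NF) { hit = 1; i++ }   # step over the secret
        }
        if (hit) print $1, $2, dbuser
    }'
}

# Constructed sample in `ps -ef` layout (paths shortened, secrets are placeholders).
# The third process has a two-word STIME ("Nov 17"), so the command does not start
# at a fixed column; the last line uses -p for an unrelated command.
sample_ps() {
    cat <<'EOF'
     UID   PID  PPID  C    STIME    TTY  TIME CMD
    root     1     0  0 09:00:01      -  0:00 /etc/init
   judyh 22598 27544 90 17:29:21  pts/2  0:01 java -cp ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine -cmd submit -m 7.0.0 -d judy -u judy -p EXAMPLE-SECRET -rec BaseCMActivity -return_id /tmp/tmp28807
   alice  3100  3000  0   Nov 17  pts/4  0:00 java -cp ucmrcp.jar com.ibm.rational.clearquest.ucm.cmdline.UCMCmdLine -cmd find -d proj -u alice -p EXAMPLE-SECRET2
     bob  4100  4000  0 10:00:00  pts/5  0:00 grep -p pattern notes.txt
EOF
}

sample_ps | find_exposed_ucm_creds
```

On a live host, pipe the real listing in instead: `ps -ef | find_exposed_ucm_creds`.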
Temporary fix
Comments
APAR Information
APAR number
PK75832
Reported component name
CLEARCASE UNIX
Reported component ID
5724G2901
Reported release
60L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-11-17
Closed date
2009-04-08
Last modified date
2009-04-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARCASE UNIX
Fixed component ID
5724G2901
Applicable component levels
R60L PSN
UP
Document Information
Modified date:
08 April 2009