RE: z/OS, OS/390 Pen testing tips/ideas/papers?

From: Steven Lane (steve.lane@alphacourt.com)
Date: 01/31/03

Next message: Nick Jacobsen: "Identify OS?"

Previous message: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Rainer Duffner: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Steven Lane" <steve.lane@alphacourt.com>
To: "Nick Jacobsen" <nick@ethicsdesign.com>
Date: Fri, 31 Jan 2003 10:56:33 -0000

Nick,

I am focusing on IBM WebSphere MQ security at the moment. One of the most
common platforms that this runs on is OS/390 or z/OS. Since WMQ can be
compromised if the OS is compromised, I am interested in any penetration
test methods or weaknesses that exist in 'big box' security. I would like to
put together an attack tree for z/OS or OS/390 and understand the
vulnerabilities of these systems. I would appreciate it for would forward
anything you find to me or any really good URLs.

Kind Regards

Steve

------------------------------
Steven Lane
Information Security Consultant

Alphacourt Limited
Email: steve.lane@alphacourt.com
www: http://www.alphacourt.com
-------------------------------

-----Original Message-----
From: visigoth [mailto:visigoth@securitycentric.com]
Sent: 30 January 2003 03:09
To: Nick Jacobsen
Cc: pen-test@securityfocus.com
Subject: Re: z/OS, OS/390 Pen testing tips/ideas/papers?

On Tue, Jan 28, 2003 at 05:24:22AM -0800, Nick Jacobsen wrote:
> Hi all,
> One of my clients has an IBM OS/390 running on one of their networks I
> am doing some security testing on, and considering I really have not dealt
> with any IBM mainframes before when it comes to security, I was hoping
that
> some of you might be able to point me the right direction. Anything would
> be helpful, but especially from a penetration viewpoint.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Nick Jacobsen: "Identify OS?"
Previous message: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Rainer Duffner: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

IBM PR: PCI Security Compliance Workshop in Maryland
... On June 18 and 19, 2008, IBM will be offering a security-related workshop ... Industry) security standards. ... You should have some working familiarity with Communications Server for ... z/OS and the z/OS Security Server as a prerequisite. ...
(bit.listserv.ibm-main)
IBM AIX 4.3.x and 5.1: Buffer overflow vulnerability in telnet daemon
... Subject: IBM AIX 4.3.x and 5.1: Buffer overflow vulnerability in telnet daemon ... IBM Global Services ... IBM Managed Security Services with access to the security advisories ...
(Bugtraq)
IBM AIX: Buffer Overflow Vulnerability in libi18n Library
... IBM Global Services ... IBM Managed Security Services with access to the security advisories ... IBM MSS is forwarding the following information from IBM. ...
(Bugtraq)
[NEWS] Cisco Voice Products Vulnerabilities on IBM Servers
... Get your security news from a reliable source. ... The default installation of Cisco voice products on the IBM platform will ... * All operating system versions running on an IBM server prior to OS ...
(Securiteam)
IBM AIX: Buffer Overflow Vulnerabilities in lpd
... IBM Global Services ... IBM Managed Security Services with access to the security advisories ... The Line Printer daemon, lpd, shipped with AIX contains several ...
(Bugtraq)