QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0868

Published: Mar 26, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf

x_refsource_MISC

20050323 Backdoors in AS/400 emulations allow the server to attack connected PC workstations

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.