CVE-2007-2063

high

Description

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33699

http://www.vupen.com/english/advisories/2007/1414

http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt

http://www.securityfocus.com/bid/23508

http://www.osvdb.org/35014

http://securitytracker.com/id?1017913

http://secunia.com/advisories/24916

http://osvdb.org/34998

Details

Source: Mitre, NVD

Published: 2007-04-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00052