Title: IBM RACF Profile Updating Privilege Elevation Vulnerability
Severity: LOW
Description:
The IBM Resource Access Control Facility (RACF) is the security server for the IBM OS/390 and z/OS operating systems. It identifies and authenticates users, enforces access controls on system resources, and logs security-relevant activity.
RACF stores user information in user profiles, each made up of several segments. The data in these segments records the permissions and identifiers that control access to services and resources; the OMVS segment, for example, holds the user's UNIX UID.
A vulnerability has been discovered in the ALTUSER command on systems that use the UNIXMAP class, which maps UNIX UIDs back to RACF user IDs. ALTUSER modifies an existing user's profile, including the UID and the access control entries that depend on it.
If an ALTUSER command is issued but the call fails, parts of the user profile may nevertheless be updated incorrectly. Specifically, the user's UID is left unchanged, but the user may be removed from one access list and added to another, so that the mapping no longer agrees with the UID recorded in the profile. This is reported to be because ALTUSER calls the IRRPRE02 module to update this information before it has verified that the invocation is valid.
This poses a security risk if the user later accesses a privileged application that authorizes access by translating the UID to a user name. The result of that translation may indicate that the user is entitled to a restricted resource when the access list was in fact updated in error.
It is not currently known whether an unprivileged user who is able to invoke ALTUSER can trigger this vulnerability. The issue may arise only when an administrator issues an incorrect ALTUSER command.
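The practical check a RACF administrator wants after a failed ALTUSER is whether each user's OMVS UID still agrees with the UNIXMAP profile that lists that user. The following Python script is an added example, not part of the advisory or of IBM's RACF code. It parses constructed, simplified LISTUSER and RLIST UNIXMAP output (the exact layout of those commands' output is an assumption here and varies by release), reports users whose profile UID and UNIXMAP membership disagree, and shows the UID-to-user translation that an authorizing application would perform on the inconsistent data.

```python
"""Cross-check OMVS UIDs against UNIXMAP mappings (added example, not IBM code).
Input layouts below are constructed and simplified; adjust the regexes to the
actual LISTUSER / RLIST output of the release in use."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: simplified LISTUSER <id> OMVS output for two users.
LISTUSER_OUTPUT = """\
USER=ALICE
OMVS INFORMATION
----------------
UID= 0000000100
HOME= /u/alice

USER=BOB
OMVS INFORMATION
----------------
UID= 0000000200
HOME= /u/bob
"""

# Constructed sample: simplified RLIST UNIXMAP * AUTHUSER output. BOB's profile
# still records UID 200, but he has been moved from the U200 list to U250.
RLIST_OUTPUT = """\
CLASS      NAME
-----      ----
UNIXMAP    U100

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
ALICE     NONE        000000

CLASS      NAME
-----      ----
UNIXMAP    U200

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
NO ENTRIES IN ACCESS LIST

CLASS      NAME
-----      ----
UNIXMAP    U250

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
BOB       NONE        000000
"""


def parse_listuser(text: str) -> Dict[str, int]:
    """Map each RACF user ID to the UID recorded in its OMVS segment."""
    uids: Dict[str, int] = {}
    user = None
    for line in text.splitlines():
        if m := re.match(r"USER=(\S+)", line):
            user = m.group(1)
        elif user and (m := re.match(r"UID=\s*(\d+)", line)):
            uids[user] = int(m.group(1))
    return uids


def parse_unixmap(text: str) -> Dict[int, Set[str]]:
    """Map each UID with a UNIXMAP U<uid> profile to the users on its access list."""
    users_by_uid: Dict[int, Set[str]] = {}
    uid = None
    in_acl = False
    for line in text.splitlines():
        if m := re.match(r"UNIXMAP\s+U(\d+)\s*$", line):
            uid = int(m.group(1))
            users_by_uid.setdefault(uid, set())
            in_acl = False
        elif re.match(r"USER\s+ACCESS\s+ACCESS COUNT", line):
            in_acl = True
        elif in_acl:
            if not line.strip():
                in_acl = False                  # blank line ends the access list
            elif line.startswith("-") or line.startswith("NO ENTRIES"):
                continue                        # header underline or empty list
            elif uid is not None:
                users_by_uid[uid].add(line.split()[0])
    return users_by_uid


def resolve_uid(users_by_uid: Dict[int, Set[str]], uid: int) -> Set[str]:
    """The UID-to-user translation a privileged application relies on."""
    return set(users_by_uid.get(uid, set()))


def find_mismatches(uids_by_user: Dict[str, int],
                    users_by_uid: Dict[int, Set[str]]) -> List[Tuple[str, int, List[int]]]:
    """Return (user, profile_uid, uids_mapped_to_user) wherever the two disagree."""
    problems = []
    for user, uid in sorted(uids_by_user.items()):
        mapped = sorted(u for u, users in users_by_uid.items() if user in users)
        if mapped != [uid]:
            problems.append((user, uid, mapped))
    return problems


if __name__ == "__main__":
    uids = parse_listuser(LISTUSER_OUTPUT)
    mapping = parse_unixmap(RLIST_OUTPUT)
    for user, uid, mapped in find_mismatches(uids, mapping):
        print(f"{user}: OMVS UID {uid}, but UNIXMAP maps UID(s) {mapped} to this user")
```

On the constructed data the script reports BOB: his profile says UID 200, yet only the U250 profile lists him, so `resolve_uid(mapping, 250)` yields BOB while UID 200 resolves to nobody. On a real system, capture the LISTUSER and RLIST output to a file from TSO and feed it to the two parsers; any user reported here should have the offending ALTUSER reissued correctly and the UNIXMAP profiles reconciled before the user touches anything that authorizes by UID.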
Affected Products:
- IBM OS/390 V2R6
- IBM OS/390 V2R9
- IBM RACF 1.1.0
- IBM RACF 1.2.0
- IBM RACF 1.3.0
- IBM RACF 1.4.0
- IBM RACF 1.5.0
- IBM RACF 1.6.0
- IBM RACF 1.7.0
- IBM RACF 1.9.0
- IBM RACF 2.1.0
- IBM RACF 2.2.0
- IBM RACF/MVS 1.7.0
- IBM RACF/MVS 1.8.0
- IBM RACF/MVS 1.8.1
- IBM RACF/MVS 1.9.2
- IBM z/OS
References:
- IBM: MSS-OAR-E01-2003.0795.1
- IBM: RACF Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.