On 9/26/2014 7:04 AM, John McKown wrote:
As a bit of an aside, I used the source IBM supplied for the 2.03
version to port the 4.2.0(4) version to z/OS. This version is on the
CBTTape.org site and it __IS__ vulnerable. When I find a patch which
fits and get the time, I do plan to update the z/OS port of 4.2. I've
been going down rabbit holes on another project right now. The only
way that I can see this as an exploit might be if someone used BASH in
a CGI.
Thank you for doing this port and sharing with the z/OS community!
We still use the 2.03 release that IBM ported years ago. I would dearly
like us to upgrade to 4.2.
--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
