Unrated severityNVD Advisory· Published Apr 18, 2007· Updated Apr 23, 2026

CVE-2007-2063

Description

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

Affected products

SSH/Tectia Server4 versions
cpe:2.3:a:ssh:tectia_server:*:*:ibm_zos:*:*:*:*:*+ 3 more
- cpe:2.3:a:ssh:tectia_server:*:*:ibm_zos:*:*:*:*:*range: <=5.3.0
- cpe:2.3:a:ssh:tectia_server:5.0:*:ibm_zos:*:*:*:*:*
- cpe:2.3:a:ssh:tectia_server:5.1.0:*:ibm_zos:*:*:*:*:*
- cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24916nvdPatchVendor Advisory
www.vupen.com/english/advisories/2007/1414nvdVendor Advisory
osvdb.org/34998nvd
securitytracker.com/idnvd
www.osvdb.org/35014nvd
www.securityfocus.com/bid/23508nvd
www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txtnvd
exchange.xforce.ibmcloud.com/vulnerabilities/33699nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000