I know I'm coming a little late to this party, but this is *almost* what Richard is looking for. This qualifies as a penetration, but not a penetration *by hackers*.
Back when the FTP server was modified (rewritten?) to use the new surrogate facility in CP, we had a user who tried to FTP a file to his 191 and entered 190 instead. Because of a bug this class G user was able to put a file on MAINT's 190. It appeared that as long as you had a link in the directory, the code didn't distinguish between read-only or read-write. We reported it, and it was fixed by IBM in fairly short order. We also ran VM:Secure, but I believe the vulnerability was a CP problem. Now this was not an outside user or a planned attack, but the exposure *could* have been used by any class G user with bad intentions to replace any executable on the "S" disk. Victor Strasser [EMAIL PROTECTED] VM and Linux Support Unit California Department of Technology Services Phone: 916-464-4522 -----Original Message----- From: Schuh, Richard [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 12:52 PM Subject: Re: Hackers I am more interested in documented cases of hackers actually penetrating a system. I am especially interested in penetrations of VM/ESA or later systems. Regards, Richard Schuh -----Original Message----- From: The IBM z/VM Operating System [mailto:] On Behalf Of Daniel P. Martin Sent: Tuesday, April 24, 2007 10:56 AM To: [email protected] Subject: Re: Hackers There's an article in the IBM Systems Journal, some time in the late 1970's, that discusses what amounts to a penetration test study of that vintage of VM. If I recall correctly, the authors exposed some interesting quirks in the I/O subsystem as the major exposure to mischief. I've got a copy of the article buried somewhere in my paper ephemera. If you're interested and don't find a better source, I'll dig up the publication info and can perhaps locate my copy of the article. -dan. Schuh, Richard wrote: > > Does anyone know of a documented case of VM being penetrated by hackers? > > Regards, > Richard Schuh >
