Ascential DataStage Multiple Security Issues

A forum for discussing DataStage<sup>®</sup> basics. If you're not sure where your question goes, start here.

Moderators: chulett, rschirm, roy

Post Reply
JoeClark
Participant
Posts: 1
Joined: Mon Aug 28, 2017 11:12 pm

Ascential DataStage Multiple Security Issues

Post by JoeClark »

Ryan NA has reported some security issues in Ascential DataStage, which can be exploited by malicious, local users to disclose sensitive information and to manipulate certain data, and by malicious users to disclose sensitive information.

1) The dsjob parameters are specified on the command line, which can be exploited e.g. to disclose passwords.

2) Insecure file permissions under the installation directory and the project directory can be exploited to manipulate certain files.

3) Additional logging output options include passwords within the log files.

The security issues are reported in version 7.5. Other versions may also be affected.



I didn't find the right solution from the internet.
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

Okay. :?

Hasn't been "Ascential" DataStage in a long time, never mind the fact that your posts just seem like a mechanism to advertise... something. I removed your URL as that's not why we're here.
-craig

"You can never have too many knives" -- Logan Nine Fingers
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

That's really, really old information...
Choose a job you love, and you will never have to work a day in your life. - Confucius
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

ps. I deleted the completely off-topic second advertising post in the TX forum.
-craig

"You can never have too many knives" -- Logan Nine Fingers
Thomas.B
Participant
Posts: 63
Joined: Thu Apr 09, 2015 6:40 am
Location: France - Nantes

Re: Ascential DataStage Multiple Security Issues

Post by Thomas.B »

JoeClark wrote:I didn't find the right solution from the internet.
The solution was right under the text you copy / paste from cnet.
BI Consultant
DSXConsult
Post Reply