Problem Note 65144: A security vulnerability occurs for SAS/CONNECT® server connections when the SASCLIENTPORT is recycled
 |  |  |  |  |
Severity: Low
Description: Occasionally, SAS/CONNECT users who are using IBM Platform LSF connect to the SAS/CONNECT server sessions for incorrect user IDs.
Potential Impact: The above condition can result in a security breach.
Note: The hot fix changes the SAS/CONNECT spawner to increment the SASCLIENTPORT use between each session, rather than recycling previously used ports.
Click the Hot Fix tab to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS/CONNECT | 64-bit Enabled AIX | 9.4_M5 | 9.4_M5 | 9.4 TS1M5 | 9.4 TS1M5 |
| 64-bit Enabled Solaris | 9.4_M5 | 9.4_M5 | 9.4 TS1M5 | 9.4 TS1M5 | ||
| HP-UX IPF | 9.4_M5 | 9.4_M5 | 9.4 TS1M5 | 9.4 TS1M5 | ||
| Linux for x64 | 9.4_M5 | 9.4_M5 | 9.4 TS1M5 | 9.4 TS1M5 | ||
| Solaris for x64 | 9.4_M5 | 9.4_M5 | 9.4 TS1M5 | 9.4 TS1M5 | ||
A fix for this issue for Base SAS 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D9T.html#65144A fix for this issue for SAS Threaded Kernel 9.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C1S.html#65144| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2021-03-12 16:47:07 |
| Date Created: | 2019-11-19 09:50:12 |