Stream: Virtual Room 7
Time: 16:15 - 17:00
IBM provides various callable services for programs to execute REXX, allowing users to easily extend the functionality of programs by writing their own REXX scripts. However, this can violate system integrity if the program calling this service is running with APF authorization. This talk will explain how a malicious user can abuse the functionality of REXX to gain code execution of the program. Because the program is running APF authorized, they can then gain full access to the system. There will be a discussion on why it doesn't matter if the callable service was called in key 0/8 or supervisor/problem state.
This talk will provide methods to determine if your program is vulnerable, as well as a step-by-step demo of how an attacker would exploit a sample program. Attendees will learn how to ensure their own authorized code is not vulnerable and well as to be able to find and report any vulnerable code.
There is currently no attachment for Vivat REXX: The Danger of Executing REXX in an Authorized Environment
For the past 5 years, ive been finding and reporting security exposures in mainframe software. Other than that I do hikes, board games and hockey.
Click here to give some Feedback so we can make it even better next year!