Subject VMS security advisory Date 08-mar-93
f0c349938e9ed20f4d10589b7c5e307dada6f27264d94321d0fb7caeca8ad40b-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : CERT-NL Teun Nijssen Index : S-93-09
Distribution : SURFnet Constituency Page : 1
Classification: External Version: 3
Subject : VMS security advisory Date : 08-mar-93
===============================================================================
CERT-NL recently received an advisory concerning a severe vulnerability in
VAX/VMS from SSRT, Digital's partner member of CERT-NL in FIRST. It is
distributed after a week of intense cooperation between CERT-NL and SSRT.
Instructions on how to get the remedial kits in The Netherlands are at the
end of this advisory.
Please note version 3 of this advisory contains a large new section
start text of original version advisory:
- ------------------------------------------------------------------------------
ADVISORY INFO:
-------------------------------------------------------------------------
23.FEB.1993
SOURCE: Digital Equipment Corporation
AUTHOR: Software Security Response Team
Colorado Springs USA
PRODUCT: VMS V5.0 through OpenVMS V5.5-2 & OpenVMS AXP V1.0
PROBLEM: Potential Security Vulnerability - OpenVMS
SOLUTION: A remedial kit is now available for OpenVMS AXP V1.0,
VMS V5.0 through OpenVMS Version 5.5-2 (including all SEVMS
versions V5.1 through V5.5-2 as applicable) by contacting
your normal Digital Services Support organization.
SEVERITY LEVEL: High
This potential vulnerability has been corrected in the next release of
OpenVMS, V6.0 and OpenVMS AXP, V1.5 For VMS Versions prior to V5.0,
Digital strongly recommends that you upgrade to a minimum of VMS
V5.0 and further, to the latest release of OpenVMS V5.5-2.
-------------------------------------------------------------------------
The remedial kits may be identified as:
VAXSYS01_U2050 VMS V5.0, V5.0-1, V5.0-2
VAXSYS01_U1051 VMS V5.1
VAXSYS01_U1052 VMS V5.2
VAXSYS01_U2053 VMS V5.3 thru V5.3-2
VAXSYS01_U3054 VMS V5.4 thru V5.4-3
VAXSYS02_U2055 OpenVMS V5.5 thru V5.5-2
AXPSYS01_010 OpenVMS AXP V1.0
-------------------------------------------------------------------------
Copyright (c) Digital Equipment Corporation, 1993 All Rights Reserved.
Published Rights Reserved Under The Copyright Laws Of The United States.
-------------------------------------------------------------------------
ADVISORY INFORMATION:
-------------------------------------------------------------------------
This update kit corrects a potential security vulnerability in the VMS,
OpenVMS VAX and OpenVMS AXP operating systems. This potential
vulnerability may be further exploited in the form of a malicious program
that may allow authorized but unprivileged users to obtain all system
privileges, potentially giving the unprivileged user control of your
OpenVMS system and data.
NOTE:
The update kit must be applied if an update or installation is performed
for all versions prior to OpenVMS V6.0 or OpenVMS AXP V1.5. For VMS
Versions prior to VMS V5.0, Digital strongly recommends that you upgrade
to a minimum of VMS V5.0 and further to the latest release of OpenVMS
V5.5-2.
-------------------------------------------------------------------------
INFORMATION:
-------------------------------------------------------------------------
Digital strongly recommends that you install the available kit on your
system(s), to avoid any potential vulnerability as a result of this
problem.
Customers with a Digital Services contract may obtain a kit for the
affected versions of OpenVMS by contacting your normal support
organizations.
- In the U.S. Customers may contact the Customer Support Center
at 1(800)354-9000 and request the appropriate kit for your version
of OpenVMS, or through DSNlink Text Search database using the
keyword text "Potential Security Vulnerability", or DSNlink VTX using
the patch number 1084
- Customers in other geographies should contact their normal Digital
Services support organizations.
As always, Digital recommends you to regularly review your system
management and security procedures. Digital will continue to review and
enhance security features, and work with our customers to further improve
the integrity of their systems.
- ------------------------------------------------------------------------------
end text of original version advisory
The following addendum was received by CERT-NL from the Digital
Equipment Corporation's Software Security Response Team (SSRT) concerning
the security patches to VMS and OpenVMS. It is reproduced unedited.
start of update version 3 advisory:
- ------------------------------------------------------------------------------
SSRT 02.25 - 01 28.FEB.1993 Addendum Advisory
RE: SSRT 02.25 dated 23.FEB.1993
SOURCE: Digital Equipment Corporation
AUTHOR: Software Security Response Team
Colorado Springs, CO.
DESCRIPTION
- ------------
Digital has received information concerning a problem while upgrading
specifically OpenVMS VAX Version 5.3 to V5.3-1 or V5.3 to V5.3-2 and
OpenVMS VAX V5.5 to V5.5-2 or OpenVMS VAX V5.5-1 to V5.5-2.
- ------------------------------
OpenVMS VAX versions affected:
- ------------------------------
upgrade paths V5.3 to V5.3-1
V5.3-1 to V5.3-2
V5.3 to V5.3-2
V5.5 to V5.5-2
V5.5-1 to V5.5-2
A problem may occur during an upgrade to a system that previously installed
the specific Security Kit identified as;
CSCPAT_1084010.A (combined kit for all OpenVMS VAX
Versions affected. DSNlink kit.)
VAXSYS01_U2053.A OpenVMS V5.3, V5.3-1, V5.3-2
VAXSYS02_U2055.A OpenVMS V5.5, V5.5-1
NOTE:
*****
All other applicable versions of OpenVMS VAX and their supported upgrade paths
do not exhibit this symptom if the Security Kit (identified in an advisory
SSRT 02.25 dated 23.FEB.1993) was installed before upgrading to the next
higher version.
The Security Kit must be re-applied after all OpenVMS VAX upgrades for V5.0
through V5.5-2. Digital recommends that until OpenVMS VAX V6.0 or OpenVMS
AXP V1.5 is installed later this year, contact your Digital Services Support
organization to obtain the most current version of the applicable Security Kit
identified in the SSRT 02.25 advisory dated 23.FEB.1993
IMPACT
- ---------
Following an upgrade from OpenVMS VAX
V5.3 to V5.3-1
V5.3-1 to V5.3-2
V5.3 to V5.3-2
V5.5 to V5.5-2
V5.5-1 to V5.5-2
may cause an error directly related to having the Security Kit (identified
above) installed prior to the OpenVMS VAX upgrades listed above, and cause
the system to fail to boot properly at the completion of the upgrade.
SOLUTION
- ---------
If you renamed the images replaced following the installation of the Security
Kit, restore the saved images prior to upgrading OpenVMS VAX to the next
higher release then re-apply the Security Kit. The images replaced by
the Security Kit identified above are;
PAGE_MANAGEMENT.EXE & IMAGE_MANAGEMENT.EXE
and placed in the directory SYS$LOADABLE_IMAGES:
If the images replaced during the Security Kit installation cannot be
restored, enter the commands as indicated below after your OpenVMS VAX
upgrade completes.
**** IN EACH CASE, THE SOLUTION BELOW IS A POST OpenVMS VAX UPGRADE EVENT ****
!For OpenVMS VAX V5.3 update paths
! V5.3 to V5.3-1
! V5.3-1 to V5.3-2
! V5.3 to V5.3-2
!
! At the point where the OpenVMS upgrade process has completed.
!
! At the "$" prompt issue the following DCL patch steps exactly,
! at the console terminal, and follow the instrustions for re-booting.
$ patch/update=(1) image_management.exe
SET ECO 1
REPL/INST 0A0F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT
Press the HALT button, reboot the system, and re-install the Security Kit and
reboot again for the Security Kit installation to become effective.
- ----------------------------------------------------------------------------
!For OpenVMS VAX V5.5 update paths
!
! V5.5-1 to V5.5-2
! V5.5 to V5.5-2
!
! At the point where the OpenVMS upgrade process has completed.
! From the systems console invoke a conversational boot by entering the
! following commands as shown and complete the DCL level steps exactly
! and follow the instrustions for re-booting.
>>> B/1
SYSBOOT> SET/START=OPA0:
SYSBOOT> C
$ set noon
$ set default [vms$common.sys$ldr]
$ patch/update=(1) image_management.exe
SET ECO 1
REPL/INST 0A2F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT
$
Press the HALT button, reboot the system, and re-install the Security Kit and
reboot again for the Security Kit installation to become effective.
- ------------------------------------------------------------------------------
end of update version 3 advisory
- ------------------------------------------------------------------------------
CERT-NL has contacted Digital's Customer Service Center in Utrecht
(030) 832888. Organisations contacting CSC may refer to the problem
as the one solved by CSCPAT_1084. After requesting the relevant version(s)
by DSN or telephone, the kits will be downlineloaded via AES or
they will be sent on TK50 or MAGTAPE. The patches can be installed
with VMSINSTALL.
CERT-NL thanks Digital's Software Security Response Team for their
cooperation in providing a solution to this problem.
Annelies de Wijk (RUG) is complimented on her attentive system management
and thanked for providing the answers to numerous questions.
CERT-NL advises its constituency to contact Digital Utrecht to obtain the
relevant remedial kits and apply them to their systems without delay.
houdoe
teun
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOL6WAzSYjBqwfc9jEQJCogCfYSRb7kI3YHkVGhsGwydW/aiHDU8An3rT
OiqhF6UWksPqORKBrLAXQWNh
=fGGd
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed