d-06.ciac-vms-disuser
Posted Sep 23, 1999

SHA-256 | 38e88dbe6f17f05f61e0d06b73d44088c05cb38249831633fec344b10e3ca16b

       _______________________________________________________
The Computer Incident Advisory Capability
___ __ __ _ ___
/ | / \ /
\___ __|__ /___\ \___
_____________________________________________________
Information Bulletin

Failure to disable user accounts for VMS 5.3 to 5.5-2

FEB 12, 1993 1400 PST Number D-06
________________________________________________________________________
PROBLEM: VMS systems configured to disable user accounts experiencing
break-in attempts may not disable those accounts, as required.
PLATFORM: VAXstations using DECwindows or Motif, VMS versions 5.3
through Open VMS 5.5-2.
DAMAGE: Unauthorized users could gain access given sufficient time.
SOLUTION: Apply patch CSCPAT_0239019 or physically secure workstations
if accounts are so configured.
________________________________________________________________________
Critical Facts about potential vulnerability in VMS VAXstations

CIAC has learned of a vulnerability in VAXstations running (Open) VMS
versions 5.3 through 5.5-2 when using VMS DECwindows or VMS DECwindows
MOTIF. The vulnerability applies to systems where the SYSGEN parameter
for disabling accounts under attack is enabled (i.e., LGI_BRK_DISUSER
is set to 1). If the "break-in limit," i.e., log-in failure count
threshold (SYSGEN parameter LGI_BRK_LIM) is exceeded during an interval
determined by an algorithm using LGI_BRK_TMO, the account will NOT be
disabled, allowing repeated attacks. Other security functions will
continue to work correctly, such as evasion and SYSUAF counts for
log-in failures, as well as security audit recording. The
vulnerability is not present when using non-local DECwindows or MOTIF
access via DECnet.

If you are not required to invoke automatic account disabling, CIAC
recommends that you secure your systems by prudently managing passwords
and effectively setting break-in detection and evasion SYSGEN
parameters. In most cases the default parameter settings are
adequate. You may further strengthen evasion security by

o reducing LGI_BRK_LIM (default 5 log-in attempts)
o increasing LGI_HID_TIM (default 300 seconds)
o increasing LGI_BRK_TMO (default 300 seconds)
o changing LGI_BRK_TERM to 0 (default is 1)

Be advised that each parameter change may increase the risk of denial
of service to legitimate users. If you have dial-up access, make
certain that the parameter LGI_RETRY_LIM is not increased beyond its
default value of three.
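The break-in detection that these SYSGEN parameters drive, as an added illustrative model (not CIAC's or Digital's code): a failure window of LGI_BRK_TMO seconds, evasion for LGI_HID_TIM seconds once LGI_BRK_LIM is exceeded, LGI_BRK_TERM selecting whether attempts are keyed per terminal, and a `disuser_broken` switch that reproduces the defect in this bulletin (evasion still works, but the account is never set DISUSER). The fixed sliding window and the `>` comparison are assumptions; the real VMS interval algorithm is not reproduced.

```python
from dataclasses import dataclass, field

@dataclass
class BreakinParams:
    """SYSGEN parameters named in the bulletin, with the defaults it quotes."""
    LGI_BRK_LIM: int = 5        # log-in failures tolerated before break-in action
    LGI_BRK_TMO: int = 300      # seconds a failure stays counted (assumed window)
    LGI_HID_TIM: int = 300      # seconds of evasion once the limit is exceeded
    LGI_BRK_TERM: int = 1       # 1 = count per (user, terminal); 0 = per user only
    LGI_BRK_DISUSER: int = 0    # 1 = also mark the account DISUSER on break-in

@dataclass
class LoginMonitor:
    params: BreakinParams
    disuser_broken: bool = False        # models the bug: DISUSER never applied
    failures: dict = field(default_factory=dict)      # key -> failure timestamps
    evading_until: dict = field(default_factory=dict) # key -> end of evasion
    disabled: set = field(default_factory=set)        # usernames set DISUSER

    def _key(self, user, terminal):
        # LGI_BRK_TERM=0 aggregates an attacker's failures across terminals
        return (user, terminal) if self.params.LGI_BRK_TERM else (user,)

    def attempt(self, user, terminal, now, password_ok):
        """Return OK, FAIL, BREAKIN or REJECTED for one log-in attempt."""
        key = self._key(user, terminal)
        if user in self.disabled or now < self.evading_until.get(key, 0):
            # Evasion: even a correct password is refused (the DoS caveat)
            return "REJECTED"
        if password_ok:
            return "OK"
        recent = [t for t in self.failures.get(key, [])
                  if now - t < self.params.LGI_BRK_TMO]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) > self.params.LGI_BRK_LIM:
            self.evading_until[key] = now + self.params.LGI_HID_TIM
            if self.params.LGI_BRK_DISUSER and not self.disuser_broken:
                self.disabled.add(user)      # the step the vulnerable hosts skip
            return "BREAKIN"
        return "FAIL"

def hammer(monitor, user, terminals, count):
    """Constructed sequence of bad-password attempts, one per second."""
    return [monitor.attempt(user, terminals[i % len(terminals)], i, False)
            for i in range(count)]
```

On the buggy host the account is still open once LGI_HID_TIM elapses, which is why the bulletin falls back to physical access control when the patch cannot be applied.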

In all cases, CIAC recommends that you first upgrade to the latest
version of Open VMS and windowing software (to correct other potential
vulnerabilities). To correct the potential vulnerability identified in
this bulletin, apply patch suite CSCPAT_0239019, available from
Digital. If you have DSNlink for VMS, use the DSNlink VTX Patch
Application. When prompted for a search string, use the keyword
CSCPAT_0239019. If you do not have DSNlink for VMS, contact your local
Digital office or your Digital Support Center for the patch.

If you cannot obtain or apply the patch, you should restrict
workstation physical access to authorized users.

For additional information or assistance, please contact CIAC at (510)
422-8193/FTS or send e-mail to ciac@llnl.gov. FAX messages to: (510)
423-8002/FTS.

The CIAC Bulletin Board, Felicia, can be accessed at 1200 or 2400 baud
at (510) 423-4753 and 9600 baud at (510) 423-3331. Previous CIAC
bulletins and other information are available via anonymous ftp from
irbis.llnl.gov (ip address 128.115.19.60).

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

CIAC wishes to acknowledge Tom Moore and Mona Wecksung of Los Alamos
National Laboratory for bringing the vulnerability to our attention,
and Rich Boren of Digital's Software Security Response Team for leading
problem resolution efforts.

This document was prepared as an account of work sponsored by an agency
of the United States Government. Neither the United States Government
nor the University of California nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government nor the University of
California, and shall not be used for advertising or product
endorsement purposes.
