
d-08.ciac-vms-v5-OS

Posted Sep 23, 1999


SHA-256 | db4a54703753dbbac039a99651af456ace3ae27f4d8d85ee0e064ffaa2efcff5

          ______________________________________________________

The Computer Incident Advisory Capability
______________________________________________________

A D V I S O R Y N O T I C E

Potential Vulnerability in VMS V5 and
Derivative Operating Systems

FEB 23, 1993 1200 PST Number D-08
___________________________________________________________________________
PROBLEM: Malicious program simplifies exploitation of VMS vulnerability.
PLATFORM: Systems running VMS V5.0 through OpenVMS V5.5-2 and
OpenVMS AXP V1.0 (including all SEVMS V5.1 through V5.5-2).
DAMAGE: Authorized unprivileged users could obtain all system privileges.
SOLUTION: Apply patch available from Digital Equipment Corporation.
___________________________________________________________________________
Critical Information about Potential Vulnerability in VMS

CIAC has learned of a potential vulnerability in VMS, OpenVMS and Security
Enhanced VMS (SEVMS) as described in the following advisory (which was
requested to be distributed intact) from Digital Equipment Corporation:
========================== Begin DEC Advisory =============================
DATE: 23.FEB.1993
SOURCE: Digital Equipment Corporation
AUTHOR: Software Security Response Team
Colorado Springs USA
PRODUCT: VMS V5.0 through OpenVMS V5.5-2 & OpenVMS AXP V1.0
PROBLEM: Potential Security Vulnerability - OpenVMS
SOLUTION: A remedial kit is now available for OpenVMS AXP V1.0,
VMS V5.0 through OpenVMS Version 5.5-2 (including all SEVMS
versions V5.1 through V5.5-2 as applicable) by contacting
your normal Digital Services Support organization.
SEVERITY LEVEL: High

This potential vulnerability has been corrected in the next release of
OpenVMS, V6.0 and OpenVMS AXP, V1.5. For VMS Versions prior to V5.0,
Digital strongly recommends that you upgrade to a minimum of VMS V5.0
and further, to the latest release of OpenVMS V5.5-2.
_________________________________________________________________________
The remedial kits may be identified as:
    VAXSYS01_U2050    VMS V5.0, V5.0-1, V5.0-2
    VAXSYS01_U1051    VMS V5.1 thru V5.1-1
    VAXSYS01_U1052    VMS V5.2, V5.2-1
    VAXSYS01_U2053    VMS V5.3 thru V5.3-2
    VAXSYS01_U3054    VMS V5.4 thru V5.4-3
    VAXSYS02_U2055    OpenVMS V5.5 thru V5.5-2
    AXPSYS01_010      OpenVMS AXP V1.0
_________________________________________________________________________
Copyright (c) Digital Equipment Corporation, 1993 All Rights Reserved.
Published Rights Reserved Under The Copyright Laws Of The United States.
_________________________________________________________________________
ADVISORY INFORMATION:
_________________________________________________________________________
This update kit corrects a potential security vulnerability in the VMS,
OpenVMS VAX and OpenVMS AXP operating systems. This potential
vulnerability may be further exploited in the form of a malicious program
that may allow authorized but unprivileged users to obtain all system
privileges, potentially giving the unprivileged user control of your
OpenVMS system and data.

NOTE:
The update kit must be applied if an update or installation is performed
for all versions prior to OpenVMS V6.0 or OpenVMS AXP V1.5. For VMS
Versions prior to VMS V5.0, Digital strongly recommends that you upgrade
to a minimum of VMS V5.0 and further to the latest release of OpenVMS
V5.5-2.
_________________________________________________________________________
PATCH KIT INFORMATION:
_________________________________________________________________________
Digital strongly recommends that you install the available kit on your
system(s), to avoid any potential vulnerability as a result of this
problem.

Customers with a Digital Services contract may obtain a kit for the
affected versions of OpenVMS by contacting your normal support
organizations.

- In the U.S. Customers may contact the Customer Support Center
at 1(800)354-9000 and request the appropriate kit for your version
of OpenVMS, or through DSNlink Text Search database using the
keyword text "Potential Security Vulnerability", or DSNlink VTX using
the patch number 1084

- Customers in other geographies should contact their normal Digital
Services support organizations.

As always, Digital recommends you to regularly review your system
management and security procedures. Digital will continue to review and
enhance security features, and work with our customers to further improve
the integrity of their systems.
=========================== End DEC Advisory ==============================

CIAC recommends that you follow the DEC advisory to obtain and install
the appropriate patch.

If you require additional assistance or wish to report a vulnerability,
call CIAC at (510) 422-8193 or send e-mail to ciac@llnl.gov. FAX
messages to: (510) 423-8002.

For emergencies and off-hour assistance call 1-800-SKYPAGE and enter
PIN number 855-0070 (primary) or 855-0074 (secondary).

The CIAC Bulletin Board, Felicia, can be accessed at 1200 or 2400 baud
at (510) 423-4753 and 9600 baud at (510) 423-3331. Previous CIAC
bulletins and other information are available via anonymous ftp from
irbis.llnl.gov (ip address 128.115.19.60).

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, expressed or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, product, or process disclosed, or
represents that its use would not infringe privately owned rights.
Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or
favoring by the United States Government or the University of
California. The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor
the University of California, and shall not be used for advertising or
product endorsement purposes.