Sampsa Laine wrote:
i was gonna bring it up here but considering the reception I got on c.o.v. I couldn't
be bothered...
I would hope the people around here are a bit more humble.
But as far as security issues goes, there are probably a bunch of them on our different
systems.
I know of a couple under RSX atleast...
Johnny
Sampsa
On 22 Aug 2008, at 16:54, gerry77 at
mail.com wrote:
I suppose you all have read about the VMS security bug that is being discussed
since about a week on comp.os.vms. Anyway, having read nothing about it here,
I thought useful to warn all the system administrators who read this mailing
list and which have VMS nodes with guest access on HECnet and/or Internet
about potential security treats to which their systems are exposed.
All VMS versions (VAX since V5.x, AXP and I64 since their beginning) are
exposed to a local exploit that allows any unprivileged user to gain almost
any privilege! The problem lies in SYS$SHARE:SMGSHR.EXE which is used for CLI
processing in many system utilites installed with high privileges (i.e.
INSTALL.EXE, SYSMAN.EXE, SHWCLSTR.EXE, etc.).
HP has just released mandatory patches for some versions while others, notably
all the VAX and older Alpha ones, are still exposed. Look for kits named like
VMSxxx_SMGRTL-V0100 in
ftp://ftp.itrc.hp.com/openvms_patches
A partial solution for those systems for which there isn't a patch appears to
be an ACL to deny access to some utilities by non trusted users. The list that
follows contains the names of those images that I think most dangerous, but I
will be "happy" to add more names if you discover them:
AUTHORIZE.EXE
INSTALL.EXE
NCP.EXE
SHWCLSTR.EXE
SYSMAN.EXE
TCPIP$FTP_CLIENT.EXE (VAX)
TCPIP$TELNET.EXE (AXP)
TCPIP$UCP.EXE
Please note that I'm NOT sure about this, i.e. there may be a workaround for
this workaround which I haven't thought of.
G.