"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
{...snip...}
Seriously, has anyone ever successfully developed a virus for
a VMS system? I think I heard that there was a yearly contest
to see if anyone could compromise a VMS system and it failed
every year.
A few (2-3) years ago, there was a reported security elevation exploit that
involves a stupid buffer contamination exploit in SMG$READ_COMPOSED_LINE and
any VMS utility that employed it and that was installed with privileges. It
turned out that the INSTALL utility could be exploited. It was NOT simple
to do but it could be done. I implemented a weaponized PoC to exploit the
security vulnerabity. It was, happily, quickly addressed.
There was also another exploit wherein one could send, via VMS mail, the
equivalent of an attachment using /FOREIGN. If the attachment was created
with SUBMIT-ON-CLOSE and the file was read by a privileged user, all bets
were off. Again, this was quickly subdued before it became a widespread
exploit. That, IIRC, was about a decade ago.
Not a bad record at one vulnerability per decade. ;) The only real success
stories of infiltrating VMS all stemmed from social engineering and not, to
my knowledge, from security holes in the OS.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Show replies by date