 |
|
 |
CERT® Advisory CA-1990-07 VMS ANALYZE/PROCESS_DUMPOriginal issue date: October 25, 1990Last revised: September 17, 1997 Attached Copyright Statement A complete revision history is at the end of this file. The CERT/CC has received a report of a security vulnerability which exists under specific conditions in Digital VMS Software (Versions 4.0 to 5.4). The DESCRIPTION, IMPACT, SOLUTION, and CONTACT INFORMATION sections below have been provided to the CERT/CC by the Digital Equipment Corporation. I. DescriptionNon-privileged users can acquire system privileges through the ANALYZE/PROCESS_DUMP routine.II. ImpactNon-privileged users who gain increased privileges might deliberately or inadvertently affect the integrity of system information and/or affect the integrity of the computing resource.III. SolutionDigital is currently working on a permanent solution to this problem. While a permanent fix is being completed, Digital recommends that the following actions be taken on every VMS system (this includes all nodes in a VAXcluster system).After taking the following actions, non-privileged users will not be able to use the ANALYZE/PROCESS_DUMP command.
Modify SYS$MANAGER:SYSTARTUP.COM to include the following lines:
$ SET NOON
$ MCR INSTALL ANALIMDMP.EXE/DELETE
as the first two commands in this file.
b) For VMS versions V5.0 and later, Modify SYS$MANAGER:SYSTARTUP_V5.COM to include the following lines:
$ SET NOON
$ MCR INSTALL ANALIMDMP.EXE/DELETE
as the first two commands in this file.
c) For MicroVMS systems, The image ANALIMDMP.EXE is not installed by default, but SYSTARTUP.COM contains a suggestion for installing the image if you have multiple users on your system. You must ensure that this image is not installed by SYSTARTUP.COM. You can use the following command to verify that the image is not installed:
$ MCR INSTALL ANALIMDMP/LIST
This command removes the installed image from the active system.
$ MCR INSTALL ANALIMDMP/LIST
You should receive a message similar to the following:
%INSTALL-W-FAIL, failed to LIST entry for ANALIMDMP.EXE
-INSTALL-E-NOKFEFND, Known File Entry not found
For further questions, please contact your Digital Customer Support Center. The CERT/CC thanks Digital for the information above, and thanks Clive Walmsley, Royal Signal and Radar Establishment, Malvern England, for reporting this problem to CERT/CC.
This document is available from: http://www.cert.org/advisories/CA-1990-07.html CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryptionWe strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from If you prefer to use DES, please call the CERT hotline for more information. Getting security informationCERT publications and other security information are available from our web site
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Conditions for use, disclaimers, and sponsorship information
Copyright 1990 Carnegie Mellon University. Revision History September 17,1997 Attached Copyright Statement |
