is_openvms_vulnerable_to_cve-2017-17482_the_dcl_cdu_issue
— | is_openvms_vulnerable_to_cve-2017-17482_the_dcl_cdu_issue [2019/02/12 23:02] (current) created mmacgregor | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | |||
+ | ==== Introduction ==== | ||
+ | |||
+ | If you've searched for OpenVMS vulnerabilities at either the https:// | ||
+ | |||
+ | ==== Details ==== | ||
+ | |||
+ | Per the Nist site, this Vulnerability and Exposure states the following ((1 NIST description of the vulnerability: | ||
+ | |||
+ | An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. | ||
+ | |||
+ | ==== Solution ==== | ||
+ | |||
+ | * Alpha OpenVMS V8.4 systems should have this patch installed: VMS84A_DCL-V0200 | ||
+ | * Itanium OpenVMS V8.4 systems should have this patch installed: VMS84I_DCL-V0200 Contact HPE for the patch | ||
+ | |||
+ | Alpha customers running VSI OpenVMS V8.4-2L1 or VSI OpenVMS V8.4-2L2 for Alpha, contact VSI support to obtain the appropriate patch version. | ||
+ | |||
+ | IA64 customers running VSI OpenVMS V8.4-1H1, VSI OpenVMS V8.4-2, or VSI OpenVMS V8.4-2L1, if you have a support contract with HPE for your version, contact HPE customer support to obtain the patch; otherwise, contact VSI support.((2 VSI acknowledges the issue: https:// | ||
+ | |||
+ | ==== Workaround ==== | ||
+ | |||
+ | For VAX, Alpha, and Integrity users unable to patch OpenVMS, here are best practices to better protect your systems from the vulnerability. | ||
+ | |||
+ | * Practice good user account control. The attacker must be able to log into the OpenVMS system to exploit the vulnerability. | ||
+ | |||
+ | * Disable user access to the DCL "SET COMMAND" | ||
+ | |||
+ | The vulnerability is in the CDU.EXE image, which is installed with CMEXEC privilege, and a workaround is to remove privileges from the image. This can be done by editing the files SYS$MANAGER: | ||
+ | |||
+ | The relevant lines look like this (this may vary between versions of OpenVMS): | ||
+ | |||
+ | < | ||
+ | $ search sys$manager: | ||
+ | ****************************** | ||
+ | SYS$COMMON: | ||
+ | sys$system: | ||
+ | ****************************** | ||
+ | SYS$SYSROOT: | ||
+ | SYS$SYSTEM: | ||
+ | |||
+ | The workaround would be to simply remove the โ/ | ||
+ | |||
+ | Along the same vein, the system DCL table could be patched to remove the COMMAND | ||
+ | option from the SET command. | ||
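Review bot: The closing sentence of the Workaround section ("the system DCL table could be patched to remove the COMMAND option from the SET command") offers a second mitigation with no procedure, and it does not say whether it is meant instead of or in addition to removing the privilege from CDU.EXE described just before it. Suggest either giving the steps and the way to confirm the result, or marking it clearly as an alternative that is not covered here. In Solution, the Itanium bullet runs the patch name into the instruction ("VMS84I_DCL-V0200 Contact HPE for the patch"); split these into two sentences and state whether the HPE contact also applies to the Alpha bullet above it. Smaller wording points: "Nist" in Details should be "NIST", and "Along the same vein" reads better as "In the same vein".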
is_openvms_vulnerable_to_cve-2017-17482_the_dcl_cdu_issue.txt · Last modified: 2019/02/12 23:02 by mmacgregor