A complete revision history is at the end of this file.
The CERT/CC has received a report of a security vulnerability which exists under specific conditions in Digital VMS Software (Versions 4.0 to 5.4). The DESCRIPTION, IMPACT, SOLUTION, and CONTACT INFORMATION sections below have been provided to the CERT/CC by the Digital Equipment Corporation.
After taking the following actions, non-privileged users will not be able to use the ANALYZE/PROCESS_DUMP command.
Modify SYS$MANAGER:SYSTARTUP.COM to include the following lines:

    $ SET NOON
    $ MCR INSTALL ANALIMDMP.EXE/DELETE

as the first two commands in this file.
b) For VMS versions V5.0 and later,
Modify SYS$MANAGER:SYSTARTUP_V5.COM to include the following lines:

    $ SET NOON
    $ MCR INSTALL ANALIMDMP.EXE/DELETE

as the first two commands in this file.
c) For MicroVMS systems,
The image ANALIMDMP.EXE is not installed by default, but SYSTARTUP.COM contains a suggestion for installing the image if you have multiple users on your system. You must ensure that this image is not installed by SYSTARTUP.COM. You can use the following command to verify that the image is not installed:

    $ MCR INSTALL ANALIMDMP/LIST

This command removes the installed image from the active system.

    $ MCR INSTALL ANALIMDMP/LIST

You should receive a message similar to the following:

    %INSTALL-W-FAIL, failed to LIST entry for ANALIMDMP.EXE
    -INSTALL-E-NOKFEFND, Known File Entry not found

For further questions, please contact your Digital Customer Support Center.
The CERT/CC thanks Digital for the information above, and thanks Clive Walmsley, Royal Signal and Radar Establishment, Malvern England, for reporting this problem to CERT/CC.
Copyright 1990 Carnegie Mellon University.
September 17, 1997 Attached Copyright Statement