[Info-vax] Is HP's TCP/IP Services for OpenVMS vulnerable?
Arne Vajhøj
arne at vajhoej.dk
Mon Aug 15 18:20:43 EDT 2011
On 8/15/2011 12:32 PM, Michael T. Davis wrote:
> We're running...
>
> HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 3
> on an AlphaServer DS15 running OpenVMS V8.3
>
> Our security folks keep reporting this system as vulnerable to the "SSH
> Secure Shell without PTY setsid() Function Privilege Escalation" issue:
>
> http://www.kb.cert.org/vuls/id/740619
>
> In particular, they're relying on scans from Nessus...
>
> http://www.tenable.com/products/nessus
>
> ...which identifies our system as vulnerable. It parses the hello string
> from our SSH server, which reports a SSH version less than v3.2.2. According
> to the CERT site, HP's Tru64 is reported as "not vulnerable," but what about
> their TCP/IP stack for OpenVMS?
<quote>
When used in non-interactive connections, a defect in process grouping
of SSH Secure Shell processes may allow malicious activity. If
executing a command without a pty (including running commands and
subsystems) the child process remains in the process group of the
master process.
On platforms relying on getlogin() (mainly the different BSD variants)
malicious users can at least send misleading messages to syslog and
other applications (getlogin() call will return "root").
</quote>
does not sound like a problem that will exist on OpenVMS.
So this particular vulnerability may not be so worrying.
But that does preclude a bunch of other problems to exist.
Arne
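
The banner-only version check described in the quoted message, sketched as an added example; it is not part of the original thread and not Nessus's own logic. The banner strings are constructed, and the verdict names and the `platform_affected` parameter are hypothetical.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion SP comments
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
FIXED_IN = (3, 2, 2)  # threshold taken from the post: banner reports less than v3.2.2


def parse_banner(line):
    """Split an identification string into its fields, or return None."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def leading_version(software):
    """Return the numeric version prefix as a tuple padded to 3 parts, or None."""
    m = re.match(r"\d+(?:\.\d+)*", software)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def triage(line, platform_affected=None):
    """Classify a banner match. platform_affected (hypothetical parameter) is the
    result of checking vendor advisories: True, False, or None if not yet checked."""
    fields = parse_banner(line)
    if fields is None:
        return "unparseable"
    version = leading_version(fields["software"])
    if version is None:
        return "unknown-version"      # e.g. a product that prefixes a name
    if version >= FIXED_IN:
        return "not-flagged"
    # The banner alone only proves the version string, not the affected code path.
    return {True: "vulnerable", False: "false-positive", None: "needs-verification"}[platform_affected]


if __name__ == "__main__":
    # Constructed banners for illustration; not captured from any real server.
    for banner in ("SSH-2.0-3.2.0 SSH Secure Shell (constructed)\r\n",
                   "SSH-2.0-3.2.9 SSH Secure Shell (constructed)\r\n",
                   "SSH-2.0-OpenSSH_5.8\r\n"):
        print(repr(banner), "->", triage(banner))
```

A version string below the threshold yields "needs-verification" until the platform itself has been checked against the advisory, which is the question the thread is asking.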