[Info-vax] Is HP's TCP/IP Services for OpenVMS vulnerable?
Michael T. Davis
DAVISM at ecr6.ohio-state.edu
Mon Aug 15 19:55:39 EDT 2011
In article <4e49736d$0$20589$6d5eeec5 at onsnet.xlned.com>, Jose Baars
<peutbaars at googlemail.com> writes:
>Op 8/15/2011 6:32 PM, Michael T. Davis schreef:
>
>>[...]
>
>[...]
>As the SSH server runs under user TCPIP$SSH, which has no privileges, it
>is not likely that this particular defect would result in a privilege
>elevation.
>[...]
FYI, the SSH server image, SYS$SYSTEM:TCPIP$SSH_SSHD2.EXE, is installed
with...
CMKRNL SYSNAM IMPERSONATE LOG_IO WORLD SYSPRV READALL SECURITY
...so just because the TCPIP$SSH user account has no privileges... Well, I
hope you get the idea, and I appreciate your other comments.
Regards,
Mike
More information about the Info-vax
mailing list