[Info-vax] An old VMS vulnerability, was: Re: Calling standards, was: Re: Byte range locking - was Re: Oracle
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Nov 28 13:34:59 EST 2016

On 2016-11-28, johnwallace4 at yahoo.co.uk <johnwallace4 at yahoo.co.uk> wrote:
>
> Either way there still seem to be plenty of ways to get
> unauthorised code execution and unauthorised privilege
> escalation in "modern" high volume OSes.

And for a while that included VMS although I hope HP/VSI have now
fixed the underlying vulnerability.

VMS had[1] a design flaw in it in which shellcode could be loaded into
a logical and then executed if you could cause a buffer overflow in
privileged code. That's how the DEFCON security researchers were able
to turn a simple buffer overflow into something which could compromise
VMS.

[1] It's been 8 years so I assume by now VMS Engineering have
released patches to make the address space occupied by the logicals
non-executable so that if another privileged process is compromised
then a logical cannot be used to hold the shellcode.

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world