[Info-vax] OpenVMS books
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Jul 24 22:13:28 EDT 2017
On 2017-07-22, seasoned_geek <roland at logikalsolutions.com> wrote:
>
> OpenVMS was banned from Black Hat conferences until it started getting
> OpenSource added to it, then it was welcomed with open arms AND it started
> getting breached.
>
Bollocks.

The total system compromise breach was in SMG which is pure VMS and
was a straightforward buffer overflow. Its exploit was made a lot
easier due to the VMS design which meant the security researchers
didn't even have to mess around with loading shellcode onto the stack.

The finger compromise on UCX 5.x was caused by not specifying a format
string (IIRC) as the first argument. The UCX 5.x stack came from another
DEC OS and that code should never have passed peer review.

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
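
Added example, not part of the original post and not UCX code: the defect class named above for the finger service (untrusted text passed as the format argument) beside the corrected call, plus a check that counts argument-consuming directives in input. The function names and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* -Wformat-security flags the defective call below; silenced so the demo builds. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* Defective pattern: the untrusted string is used as the format itself. */
int reply_unsafe(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, user_text);
}

/* Corrected pattern: constant format, untrusted string passed as data. */
int reply_safe(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, "%s", user_text);
}

/* Counts '%' directives that would make printf fetch an argument
   ("%%" is a literal percent sign and fetches nothing). */
int count_arg_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed input: "%%" is its only directive, so both calls are
       well defined and the difference in interpretation is visible. */
    const char *input = "disk 100%% full";
    char a[64], b[64];

    reply_unsafe(a, sizeof a, input);  /* input parsed as a format */
    reply_safe(b, sizeof b, input);    /* input copied as data */
    printf("as format: %s\nas data:   %s\n", a, b);
    printf("argument directives in input: %d\n", count_arg_directives(input));
    return 0;
}
```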