[Info-vax] DCL vulnerability write up on The Register

Phillip Helbig undress to reply helbig at asclothestro.multivax.de
Sun Feb 18 09:51:20 EST 2018


In article <p6c20f$jje$1 at dont-email.me>, Simon Clubley
<clubley at remove_me.eisner.decus.org-Earth.UFP> writes: 

> So basically, when you combine the two bits together, a bug in the CDU
> parser, combined with a lack of proper checking in DCL, has basically
> allowed any interactive user with shell access to totally compromise
> a VAX or Alpha system since the mid 1980s.
> 
> IMHO, things simply should not be that fragile.

True.  However, apparently no-one ever did compromise a system in the 
way you describe.  Maybe because all who were in a position to do so 
were wearing white hats?




More information about the Info-vax mailing list