[Info-vax] DCL vulnerability write up on The Register
neillclift at gmail.com
neillclift at gmail.com
Sun Feb 18 10:41:29 EST 2018
On Sunday, February 18, 2018 at 6:51:23 AM UTC-8, Phillip Helbig (undress to reply) wrote:
> In article <p6c20f$jje$1 at dont-email.me>, Simon Clubley
> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>
> > So basically, when you combine the two bits together, a bug in the CDU
> > parser, combined with a lack of proper checking in DCL, has basically
> > allowed any interactive user with shell access to totally compromise
> > a VAX or Alpha system since the mid 1980s.
> >
> > IMHO, things simply should not be that fragile.
>
> True. However, apparently no-one ever did compromise a system in the
> way you describe. Maybe because all who were in a position to do so
> were wearing white hats?
No true. I sent a number of bugs to VMS engineering 20+ years ago with bugs in both the CDU parser and DCL.
More information about the Info-vax
mailing list