[Info-vax] DCL vulnerability write up on The Register

neillclift at gmail.com
Sun Feb 18 10:41:29 EST 2018


On Sunday, February 18, 2018 at 6:51:23 AM UTC-8, Phillip Helbig (undress to reply) wrote:
> In article <p6c20f$jje$1 at dont-email.me>, Simon Clubley
> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes: 
> 
> > So basically, when you combine the two bits together, a bug in the CDU
> > parser, combined with a lack of proper checking in DCL, has basically
> > allowed any interactive user with shell access to totally compromise
> > a VAX or Alpha system since the mid 1980s.
> > 
> > IMHO, things simply should not be that fragile.
> 
> True.  However, apparently no-one ever did compromise a system in the 
> way you describe.  Maybe because all who were in a position to do so 
> were wearing white hats?

Not true. I sent a number of bugs to VMS engineering 20+ years ago with bugs in both the CDU parser and DCL.


