[Info-vax] DCL vulnerability write up on The Register

Jan-Erik Soderholm jan-erik.soderholm at telia.com
Sun Feb 18 16:45:03 EST 2018


Den 2018-02-18 kl. 16:43, skrev Simon Clubley:
> On 2018-02-18, Phillip Helbig (undress to reply) <helbig at asclothestro.multivax.de> wrote:
>>
>> True.  However, apparently no-one ever did compromise a system in the
>> way you describe.  Maybe because all who were in a position to do so
>> were wearing white hats?
>>
> 
> No, not no-one, but no-one that you know about. There's a bit of a difference.
> 
> There's no way that I am the first to find this in 30 years, especially
> given the types of sites that VMS was used in during its heyday.
> 
> I'm just the first one to report it so it can be fixed.
> 
> Simon.
> 

OK, I think we an agree that the problem *is* there.

Now, am I correct that, *if* you have a system where no non-priv'ed
users has access to the DCL command line, then you do not have any
problems with this? Becuse you cannot "use" this vulnerability if
you do not have access to the DCL command line?







More information about the Info-vax mailing list