[Info-vax] DCL vulnerability write up on The Register

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Feb 18 17:18:02 EST 2018


On 2018-02-18, Jan-Erik Soderholm <jan-erik.soderholm at telia.com> wrote:
>
> OK, I think we can agree that the problem *is* there.
>
> Now, am I correct that, *if* you have a system where no non-priv'ed
> users have access to the DCL command line, then you do not have any
> problems with this? Because you cannot "use" this vulnerability if
> you do not have access to the DCL command line?
>

Correct, but with the comment that there may be other ways into
supervisor mode that are yet to be discovered. Given how quirky
DCL has proven to be so far (remember the nulls in the recall
buffer issue?) you have to consider that to be a serious possibility.

However, in order to compromise the system in the exploit I have come
up with, you do need command line access.

More details in a couple of weeks or so and there's an aspect to this 
that no-one has mentioned yet that may affect some (but hopefully not
many) people. That's why I feel it's important to talk about what the
vulnerability actually is.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world


