[Info-vax] DCL vulnerability write up on The Register
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Feb 21 13:39:09 EST 2018
On 2018-02-18 21:45:03 +0000, Jan-Erik Soderholm said:
> Now, am I correct that, *if* you have a system where no non-priv'ed
> users has access to the DCL command line, then you do not have any
> problems with this? Becuse you cannot "use" this vulnerability if you
> do not have access to the DCL command line?
Not that I'd bet any particular OpenVMS system isn't leaking
credentials or access somewhere. SCS. DECnet. FTP. telnet. leaked
private keys. Etc. That's all before an attacker even has to get
sneaky.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list