[Info-vax] DCL vulnerability write up on The Register

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Wed Feb 21 13:39:09 EST 2018


On 2018-02-18 21:45:03 +0000, Jan-Erik Soderholm said:

> Now, am I correct that, *if* you have a system where no non-priv'ed 
> users has access to the DCL command line, then you do not have any 
> problems with this? Becuse you cannot "use" this vulnerability if you 
> do not have access to the DCL command line?

Not that I'd bet any particular OpenVMS system isn't leaking 
credentials or access somewhere.   SCS. DECnet. FTP. telnet. leaked 
private keys.  Etc.  That's all before an attacker even has to get 
sneaky.


-- 
Pure Personal Opinion | HoffmanLabs LLC 




More information about the Info-vax mailing list