[Info-vax] Have the NSA planted backdoors in VMS ?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Jan 7 16:35:08 EST 2018
IanD asked the following question in another thread:

> I asked the question before but never got a response - does any of the
> OpenVMS code have additional code inserted into it...

It's an interesting question, especially given how popular VAX/VMS
was in the old Soviet Union in the 1980s and especially given that
in those days shared interactive access to computers was the normal
state of affairs.

When looking at the vulnerability I found, there are times when
I have wondered if it was a backdoor deliberately planted by the NSA.

There are two things which make me say that:

1) The .cld buffer overflow vulnerability does not appear to exist
in VAX/VMS 3.x; my test CLD is correctly rejected by VAX/VMS 3.x.

That by itself probably doesn't prove anything as there were a number
of changes for VAX/VMS 4.x - that VMS 3.x UI was absolutely horrible BTW.

It's quite possible for there to have been a simple coding error with
all the work that was obviously done at that time.

OTOH, that would have been a perfect time to introduce a deliberate
backdoor - if it was found it would probably have been written off
as a simple developer mistake instead of a deliberately planted backdoor.

2) The _only_ parsing related buffer overflow I have been able to
find in a .cld file is the only one I can exploit from DCL.

There are a good number of possible other parsing related buffer
overflow errors which could exist in .cld files and which would
be benign, but _every_ _single_ _one_ I have tried has been
correctly rejected by CDU.

By today's standards, it would be a very crude backdoor indeed but
don't forget that it was very different in the 1980s. For example,
at the time that this vulnerability was introduced, there were
still several years to go until the Morris worm happened.

BTW, there's no implication in my statements that VMS Engineering
cooperated with the NSA. It's quite possible for someone like the
NSA to introduce this into VMS without the cooperation of DEC.

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world