[Info-vax] A DCL wish list of sorts...
pcanagnostopoulos at gmail.com
pcanagnostopoulos at gmail.com
Fri Mar 22 10:26:17 EDT 2019
On Friday, March 22, 2019 at 10:14:58 AM UTC-4, Simon Clubley wrote:
> Actually what I did would be more accurately described as working _over_
> the compiler instead of working _on_ the compiler. :-)
>
> Sorry, I just assumed you knew. Here's the end result of a little research
> project I did in 2017:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17482
>
> Basically, for 33 years, it was possible for a non-privileged user
> with access to the DCL command line and a normal DCLTABLES to
> totally compromise VMS on VAX and Alpha.
I know nothing about the insides of VMS since about 1985. Sounds like a cool bug.
But I don't understand the descriptions. They talk about a malformed command table. How is such a thing created? By a user-defined command that exploits a compiler bug?
~~ Paul
More information about the Info-vax
mailing list