[Info-vax] OpenVMS V9.0-C Released July 29th
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Aug 4 00:22:31 EDT 2020
On 2020-08-03, Terry Kennedy <terry-groups at glaver.org> wrote:
>
> I believe the VSI TCP/IP product for x86 is a licensed locally modified
> version of MultiNet*, which does a reasonable job keeping up with security
> fixes. Most of my gripes with MultiNet are based on things like the an-
> cient version of BIND included. While relevant security fixes get back-
> ported, it is missing support for modern RR types like CAA, and it is old
> enough that you can't even specify the type numerically.
>
> * At least that was the plan when VSI first announced the VMS port to x86.
> I don't know if that plan changed along the way.
Multinet does appear to have a better reputation than UCX. :-)
However, having said that, every once in a while the Multinet stack on
Eisner locks up hard and requires a system reboot, so there's obviously
some kind of a DoS vulnerability there.
If it's shellcode going wrong because Eisner is Alpha and not x86,
then it might even be exploitable when Multinet is released for x86.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list