[Info-vax] Shell vulnerabilities, was: Re: What to do with my VAX.....

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Sat Oct 24 14:03:55 EDT 2020


On 2020-10-23, seasoned_geek <roland at logikalsolutions.com> wrote:
> On Monday, October 19, 2020 at 3:33:32 PM UTC-5, Scott Dorsey wrote:
>> 
>> A person who believes as seasoned_geek does should run an operating system
>> in which the tcp/ip stack is not an integral part of the kernel.  Like,
>> for example, 4.1BSD.. which... just so happens to run on the vax!
>> --scott
>> 
>
> Which would have the 25+ year old Bash shell super vulnerability. They don't
> need to have the IP stack running as part of the kernel as long as they can
> crack IP enough to get a Bash shell under even a GUEST account. With that
> vulnerability they will be God on the machine.
>

Huh? What makes you think Bash would have been the shell on that version
of Unix ?

25 years is a long time, but in this case Bash needed to be used from
within a privileged program that executed commands via Bash in order
for the exploit to be usable.

Did you hear about the operating system that had a similar vulnerability
which wasn't found for 33 years and which could be exploited directly
from the shell shipped with the operating system provided you had
direct access to the shell's command line ?

You could exploit it on the first two architectures this operating system
was supplied for and it's an open question whether someone familiar with
the third architecture this operating system runs on could also change
the exploit to do something bad on that third architecture.

> There simply is no way to secure any OS that is running *nix based TCP/IP.
> None.

In the case of the 33-year-old vulnerability, you didn't need a network
stack to exploit it. Direct access to the operating system supplied
shell was sufficient.

BTW, that operating system was VMS, and the shell was DCL.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.