[Info-vax] Shell vulnerabilities, was: Re: What to do with my VAX.....

VAXman- at SendSpamHere.ORG VAXman- at SendSpamHere.ORG
Sun Oct 25 09:43:08 EDT 2020


In article <rn1qab$oms$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>On 2020-10-23, seasoned_geek <roland at logikalsolutions.com> wrote:
>> On Monday, October 19, 2020 at 3:33:32 PM UTC-5, Scott Dorsey wrote:
>>> 
>>> A person who believes as seasoned_geek does should run an operating system
>>> in which the tcp/ip stack is not an integral part of the kernel.  Like,
>>> for example, 4.1BSD.. which... just so happens to run on the vax!
>>> --scott
>>> 
>>
>> Which would have the 25+ year old Bash shell super vulnerability. They don't
>> need to have the IP stack running as part of the kernel as long as they can
>> crack IP enough to get a Bash shell under even a GUEST account. With that
>> vulnerability they will be God on the machine.
>>
>
>Huh? What makes you think Bash would have been the shell on that version
>of Unix?
>
>25 years is a long time, but in this case Bash needed to be used from
>within a privileged program that executed commands via Bash in order
>for the exploit to be usable.
>
>Did you hear about the operating system that had a similar vulnerability
>which wasn't found for 33 years and which could be exploited directly
>from the shell shipped with the operating system provided you had
>direct access to the shell's command line?
>
>You could exploit it on the first two architectures this operating system
>was supplied for and it's an open question whether someone familiar with
>the third architecture this operating system runs on could also change
>the exploit to do something bad on that third architecture.
>
>> There simply is no way to secure any OS that is running *nix based TCP/IP.
>> None.
>
>In the case of the 33-year-old vulnerability, you didn't need a network
>stack to exploit it. Direct access to the operating system supplied
>shell was sufficient.
>
>BTW, that operating system was VMS, and the shell was DCL.

https://images.app.goo.gl/A9QJ315U5iJ2j1d29

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

I speak to machines with the voice of humanity.


