[Info-vax] VSI strategy for OpenVMS

Arne Vajhøj arne at vajhoej.dk
Fri Sep 17 11:43:07 EDT 2021


On 9/17/2021 8:51 AM, Simon Clubley wrote:
> On 2021-09-16, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>
>> If one actually wants to hack an Alpha it is necessary to insert
>> valid Alpha instructions to be executed.
>>
>> But for research inserting x86-64 instructions and seeing something
>> crash should be sufficient to prove that there is a vulnerability.
>>
> 
> That tells you there's a program/system crasher vulnerability.
> 
> It doesn't tell you if it can be converted to a RCE vulnerability.
> 
> RCE vulnerabilities are _way_ more sexy to an attacker. :-)
> 
> (They also require much more work and detailed system/architecture knowledge.)

If they can insert and try to execute x86-64 instructions then I would
expect that the same would be possible with Alpha instructions and
that it could work.

The vulnerability needs to get identified and fixed.

Actually executing some code looks super cool as a screenshot. But
it does not matter from a security perspective.

>> I think you will be disappointed about the number of security
>> researchers that will look at VMS when VMS x86-64 hits the
>> streets.
>>
>> It may very well end up like zero.
> 
> Something new and different, combined with VSI's marketing language?
> 
> I'm not so sure of that...

We will know soon.

Arne




