[Info-vax] VSI strategy for OpenVMS
abrsvc
dansabrservices at yahoo.com
Fri Sep 17 22:28:16 EDT 2021
>
> Everyone here knows about the DCL CVE and the fact it was directly
> exploitable on VAX and Alpha (and causes a crash on Itanium, so it
> was an open question about whether someone with sufficient skills
> and knowledge could do mischief on Itanium).
>
> What you may have forgotten is that a few months before that, I had
> found another way to crash DCL by stuffing the recall buffer full
> of binary data. That earlier attempt also caused a crash, but it was
> not exploitable so nobody had to worry about it from a system compromise
> point of view.
> Simon.
>
> --
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
> Walking destinations on a map are further away than they appear.
But, both cases required being logged into an account correct?
This is different that an external attach not requiring access.
So answer this: If OpenVMS is running on a VM and the VM is compromised, is the problem with OpenVMS or with the VM?
If OpenVMS is running on bare metal, would you expect external vulnerabilities?
More information about the Info-vax
mailing list