
Title: VMS ANALYZE/PROCESS_DUMP
Released by: CERT
Date: 25th October 1990

CA-90:07

Last Revised: September 17, 1997
                Attached Copyright Statement

                               CERT Advisory
                              October 25, 1990
                          VMS ANALYZE/PROCESS_DUMP

-------------------------------------------------------------------------

The CERT/CC has received a report of a security vulnerability which
exists under specific conditions in Digital VMS Software (Versions 4.0
to 5.4).  The DESCRIPTION, IMPACT, SOLUTION, and CONTACT INFORMATION
sections below have been provided to the CERT/CC by the Digital Equipment
Corporation.

-------------------------------------------------------------------------

DESCRIPTION:

Non-privileged users can acquire system privileges through
the ANALYZE/PROCESS_DUMP routine.

IMPACT:

Non-privileged users who gain increased privileges might deliberately
or inadvertently affect the integrity of system information and/or
affect the integrity of the computing resource.

 

SOLUTION:

Digital is currently working on a permanent solution to this
problem.  While a permanent fix is being completed, Digital
recommends that the following actions be taken on every VMS
system (this includes all nodes in a VAXcluster system).

After taking the following actions, non-privileged users will not be able
to use the ANALYZE/PROCESS_DUMP command.

1.  Log into the system account.

2.  $ SET PROC/PRIV=ALL

3.  a)  For VMS versions prior to V5.0,

        Modify SYS$MANAGER:SYSTARTUP.COM to include the following lines:

                 $ SET NOON
                 $ MCR INSTALL ANALIMDMP.EXE/DELETE

        as the first two commands in this file.

    b)  For VMS versions V5.0 and later,

        Modify SYS$MANAGER:SYSTARTUP_V5.COM to include the following
        lines:

                 $ SET NOON
                 $ MCR INSTALL ANALIMDMP.EXE/DELETE

        as the first two commands in this file.

    c)  For MicroVMS systems,

        The image ANALIMDMP.EXE is not installed by default, but
        SYSTARTUP.COM contains a suggestion for installing the image if
        you have multiple users on your system.  You must ensure that
        this image is not installed by SYSTARTUP.COM.  You can use the
        following command to verify that the image is not installed:

                  $ MCR INSTALL ANALIMDMP/LIST

4.  $ MCR INSTALL ANALIMDMP/DELETE

    This command removes the installed image from the active system.

5.  (Optional) Restart your systems and verify that the image is not
    installed using the following command:

                  $ MCR INSTALL ANALIMDMP/LIST

     You should receive a message similar to the following:

        %INSTALL-W-FAIL, failed to LIST entry for ANALIMDMP.EXE
        -INSTALL-E-NOKFEFND, Known File Entry not found
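
An added example (not part of the CERT advisory or Digital's text): a Python
check, run against a copy of the startup procedure, that step 3 was applied,
i.e. the two lines are the first two commands and nothing else installs the
image. The function names, the comment-stripping heuristic and the sample
files are assumptions constructed for illustration.

```python
import re

# The two mitigation commands from step 3, in the order the advisory requires.
REQUIRED = ["SET NOON", "MCR INSTALL ANALIMDMP.EXE/DELETE"]

def commands(text):
    """Return (line_no, normalized command) for each non-blank, non-comment line."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lstrip("$")
        line = line.split("!", 1)[0]            # DCL comment (ignores quoted "!")
        line = re.sub(r"\s+", " ", line).strip().upper()
        line = re.sub(r"\s*/\s*", "/", line)    # "X /DELETE" == "X/DELETE"
        if line:
            out.append((no, line))
    return out

def audit_startup(text, microvms=False):
    """List deviations from the advisory's workaround in a startup procedure."""
    cmds = commands(text)
    findings = []
    # Steps 3a/3b: both lines must be the first two commands in the file.
    if not microvms and [c for _, c in cmds[:2]] != REQUIRED:
        findings.append("mitigation lines are not the first two commands")
    # Step 3c, and a sanity check elsewhere: nothing may (re)install the image.
    for no, cmd in cmds:
        if "ANALIMDMP" in cmd and "/DELETE" not in cmd and "/LIST" not in cmd:
            findings.append(f"line {no}: possible install of ANALIMDMP: {cmd}")
    return findings

# Constructed sample files; MICROVMS is a stand-in for the step 3c suggestion.
GOOD = """\
$! site startup
$ SET NOON
$ mcr install analimdmp.exe /delete
"""
LATE = """\
$ @SYS$MANAGER:STARTNET
$ SET NOON
$ MCR INSTALL ANALIMDMP.EXE/DELETE
"""
MICROVMS = """\
$ RUN SYS$SYSTEM:INSTALL
SYS$SYSTEM:ANALIMDMP.EXE /OPEN
"""

if __name__ == "__main__":
    for text, micro in [(GOOD, False), (LATE, False), (MICROVMS, True)]:
        print(audit_startup(text, micro) or "ok")
```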

 

 

CONTACT INFORMATION:

For further questions, please contact your Digital Customer Support
Center.

-------------------------------------------------------------------------

The CERT/CC thanks Digital for the information above, and thanks Clive
Walmsley, Royal Signal and Radar Establishment, Malvern England, for
reporting this problem to CERT/CC.

-------------------------------------------------------------------------

 

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).

-------------------------------------------------------------------------





Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History

September 17, 1997  Attached Copyright Statement


