[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : OpenVMS (VAX & ALPHA) V7.1 LOGINOUT Potential Security Vulnerability

Title: OpenVMS (VAX & ALPHA) V7.1 LOGINOUT Potential Security Vulnerability
Released by:
Date: 28th July 1998
Printable version: Click here
UPDATED:                                JULY 24, 1998

DATE:                                   JULY 13, 1998

  TITLE:  OpenVMS (VAX & ALPHA) V7.1

          LOGINOUT Potential Security Vulnerability

          Ref #: SSRT0541V


        SOURCE: Compaq Computer Corporation

                Software Security Response Team


"We are broadly distributing this Security Advisory in order

to bring to the attention of users of OpenVMS products the

important security information contained in this Advisory.

We recommend that all users determine the applicability

of this information to their individual situations and take

appropriate action.

Compaq Computer Corporation does not warrant that

this information is necessarily accurate or complete

for all user situations and, consequently, will not be

responsible for any damages resulting from user's

use or disregard of the information provided in this Advisory."


- - ----------------------------------------------------------------------



A potential vulnerability with LOGINOUT  for

OpenVMS (VAX & ALPHA) V7.1 software has been

discovered, where under certain circumstances,

a user may gain unauthorized access.

Prior versions of OpenVMS (VAX & ALPHA) are not affected.

This potential vulnerability is limited to OpenVMS V7.1 with

external authentication enabled. The vulnerability does not

exist if external authentication is disabled.

(External authentication is disabled by

default. Please refer to the OpenVMS Guide to System Security,

section 7.4, for detailed information on external authentication.)

We strongly recommend that OpenVMS V7.1 customers install the

appropriate patch kit immediately.



- - ----------------------------------------------------------------------


This potential security vulnerability has been resolved and an

official patch for this problem has been made available for OpenVMS

VAX V7.1 and OpenVMS ALPHA V7.1, V7.1-1H1, and V7.1-1H2 systems.

  o the World Wide Web at the following FTP address:


 Use the FTP access option, select the directory,

 then choose the appropriate VAX/V7.1

 or ALP/V7.1 directory and download the

 patch accordingly.

    OpenVMS VAX kit


    OpenVMS Alpha kit


  Note: [1]The appropriate patch kit must be installed

     following any upgrade to OpenVMS (VAX or ALPHA) V7.1


        [2] Please review the appropriate release notes and

     cover letter prior to installation.


 If you need further information, please contact your normal Compaq

 Customer Services support channel for OpenVMS (VAX or ALPHA).

 We appreciate your cooperation and patience. We regret any

 inconvenience applying this information may cause.

 As always, we urge you to periodically review your system

 management and security procedures.

 We will continue to review and enhance the security

 features of our products and work with customers to

 maintain and improve the security and integrity of

 their systems.


(c) Copyright 1994, 1995, 1996, 1997, 1998 Compaq Computer

Corporation.  All Rights Reserved.   Unpublished Rights

Reserved Under The Copyright Laws Of The United States.


(C) 1999-2000 All rights reserved.