Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
OpenVMS
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
====Vulnerabilities==== * Early versions of VMS included a number of privileged user accounts (including <code>SYSTEM</code>, <code>FIELD</code>, <code>SYSTEST</code> and <code>DECNET</code>) with default passwords which were often left unchanged by system managers.<ref>{{cite journal|last1=Green|first1=James L.|last2=Sisson|first2=Patricia L.|title=The "Father Christmas" Worm|journal=12th National Computer Security Conference Proceedings|date=June 1989|url=https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/19920019024.pdf|accessdate=November 23, 2015|ref=green1989}}</ref><ref>{{cite web|url=https://www.giac.org/paper/gsna/176/security-audit-openvms-internal-auditors-perspective/106696|title=Security Audit on OpenVMS: An Internal Auditor's Perspective|date=November 2004|author=Kevin Rich|publisher=SANS Institute|access-date=July 21, 2021}}</ref> A number of [[computer worm]]s for VMS including the [[WANK (computer worm)|WANK worm]] and the [[Father Christmas (computer worm)|Father Christmas worm]] exploited these default passwords to gain access to nodes on DECnet networks.<ref>{{cite web|url=https://www.youtube.com/watch?v=Xf7gVma6_3g |archive-url=https://ghostarchive.org/varchive/youtube/20211211/Xf7gVma6_3g| archive-date=December 11, 2021 |url-status=live|title=DEFCON 16: Hacking OpenVMS|date=January 20, 2011|author1=Claes Nyberg|author2=Christer Oberg|author3=James Tusini|website=[[YouTube]]|access-date=July 21, 2021}}{{cbignore}}</ref> This issue was also described by [[Clifford Stoll]] in ''[[The Cuckoo's Egg (book)|The Cuckoo's Egg]]'' as a means by which [[Markus Hess]] gained unauthorized access to VAX/VMS systems.<ref>{{cite book |last1=Stoll |first1=Clifford |title=The Cuckoo's Egg : tracking a spy through the maze of computer espionage |date=1989 |publisher=Doubleday |location=New York |isbn=0-385-24946-2 |edition=1st}}</ref> In V5.0, the default passwords were removed, and it became mandatory to provide passwords for these accounts during system setup.<ref name="vms-5.0-rel-notes" /> * A 33-year-old vulnerability in VMS on VAX and Alpha was discovered in 2017 and assigned the CVE ID {{CVE|2017-17482}}. On the affected platforms, this vulnerability allowed an attacker with access to the DCL command line to carry out a [[privilege escalation]] attack. The vulnerability relies on exploiting a [[buffer overflow]] bug in the DCL command processing code, the ability for a user to interrupt a running image (program [[executable]]) with {{kbd|CTRL/Y}} and return to the DCL prompt, and the fact that DCL retains the privileges of the interrupted image.<ref>On the internal workings of the CTRL-Y mechanism, see: OpenVMS AXP Internals and Data Structures, Version 1.5, sections 30.6.5.1 (CTRL/Y Processing) and 30.6.5.4 (CONTINUE Command) at pp. 1074β1076.</ref> The buffer overflow bug allowed [[shellcode]] to be executed with the privileges of an interrupted image. This could be used in conjunction with an image installed with higher privileges than the attacker's account to bypass system security.<ref>{{cite web|title=Ghost in the DCL shell: OpenVMS, touted as ultra reliable, had a local root hole for 30 years|url=https://www.theregister.com/2018/02/06/openvms_vulnerability/|date=February 6, 2018|access-date=January 13, 2021|author=John Leyden|website=theregister.com}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
OpenVMS
(section)
Add topic
