https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002522#M104251 <P><SPAN><STRONG>Dan</STRONG>&nbsp;- HPE has released a&nbsp;patch that addresses this problem</SPAN><SPAN>: VMS84I_DCL_V0200.&nbsp;&nbsp;</SPAN></P><P><SPAN><STRONG>Francois</STRONG>&nbsp;- If you are located in North America, we can arrange to sell you HPE software support.&nbsp; But, if upgrading to VSI VMS is an option for you, I would strongly consider upgrading to VSI VMS.&nbsp; Why waste the money on VMS 8.4 which is EOL? VSI has an active engineering group and is providing excellent support and they represent the future of VMS.&nbsp;&nbsp;<BR />If you are interested in VSI, we are a VSI authorized&nbsp;reseller, worldwide, and I would be happy to provide a quote.&nbsp;</SPAN></P><P><SPAN>Please feel free to contact me for more information.</SPAN></P> Fri, 13 Apr 2018 21:50:09 GMT Brad McCusker 2018-04-13T21:50:09Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002063#M104241 <P>We are running OpenVMS 8.4 Integrity on BL860c i2 blades.&nbsp; There is a CVE, about a security vulnerability in DCL that we would like to patch.&nbsp; Reference to the CVE: <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17482" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17482</A></P><P>To get access to the patches, we obviously need a support subscription, that we would like to purchase, but we cannot find how to do so.&nbsp; HPE site for support doesn't show any OpenVMS information on support.&nbsp; The roadmap also has broken links (Error 404) for software and support.&nbsp; (they still have links to hp.com instead of hpe.com).</P><P>We contacted hpe, and they asked us if we know a SKU or part number for the support agreement on OpenVMS.&nbsp; Else, it seems they cannot help us!</P><P>We know that VSI has a patch for that DCL vulnerability out, but they refer to HPE support for the 8.4 version of OpenVMS on integrity.&nbsp; Reference: <A href="http://www.vmssoftware.com/pdfs/security/2018/03/VSI_CVE-2017-17482.pdf" target="_blank">http://www.vmssoftware.com/pdfs/security/2018/03/VSI_CVE-2017-17482.pdf</A></P><P>So, is there someone who knows 1) how to contact hpe and 2) how to ask to purchase an OpenVMS support agreement?</P><P>Else, how is VSI support for OpenVMS ?&nbsp;&nbsp;&nbsp; Anyone had used their support services?&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Francois Boucher</P> Tue, 10 Apr 2018 14:44:46 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002063#M104241 frankydude 2018-04-10T14:44:46Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002135#M104242 <P>&nbsp;As far as I am aware. HPE does NOT have a patch for this.&nbsp; VSI does have a patch available for their own releases.</P><P>You can avoid this&nbsp;vulnerability by removing privileges from the installl utility command for CDU.&nbsp; Remove CMEXEC from the list and you will be safe.&nbsp; As long as you use the SYSTEM account for any installs you should be safe.</P><P>Note: Either patch will require a software support contract.</P><P>&nbsp;</P><P>Dan</P> Tue, 10 Apr 2018 23:28:52 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002135#M104242 abrsvc 2018-04-10T23:28:52Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002141#M104243 <P>Forgot to add that with I64 systems, any attempt to exploit this will result in a process crash and not effect anything else.&nbsp; In your case (I64), this may not be an issue.</P><P>Dan</P> Wed, 11 Apr 2018 02:38:28 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002141#M104243 abrsvc 2018-04-11T02:38:28Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002409#M104246 <P>Hello,</P> <P>You can find the HPE OpenVMS Roadmap here : <A href="https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&amp;docLocale=en_US&amp;docId=emr_na-c04623087" target="_blank">https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&amp;docLocale=en_US&amp;docId=emr_na-c04623087</A></P> <P>Contact our support&nbsp;here:&nbsp; <A href="https://support.hpe.com/hpesc/usageSupport" target="_blank">https://support.hpe.com/hpesc/usageSupport</A></P> <P>-Vajith</P> Fri, 13 Apr 2018 06:16:07 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002409#M104246 Vajith V 2018-04-13T06:16:07Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002522#M104251 <P><SPAN><STRONG>Dan</STRONG>&nbsp;- HPE has released a&nbsp;patch that addresses this problem</SPAN><SPAN>: VMS84I_DCL_V0200.&nbsp;&nbsp;</SPAN></P><P><SPAN><STRONG>Francois</STRONG>&nbsp;- If you are located in North America, we can arrange to sell you HPE software support.&nbsp; But, if upgrading to VSI VMS is an option for you, I would strongly consider upgrading to VSI VMS.&nbsp; Why waste the money on VMS 8.4 which is EOL? VSI has an active engineering group and is providing excellent support and they represent the future of VMS.&nbsp;&nbsp;<BR />If you are interested in VSI, we are a VSI authorized&nbsp;reseller, worldwide, and I would be happy to provide a quote.&nbsp;</SPAN></P><P><SPAN>Please feel free to contact me for more information.</SPAN></P> Fri, 13 Apr 2018 21:50:09 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002522#M104251 Brad McCusker 2018-04-13T21:50:09Z https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002524#M104252 <P>Thanks for the update Brad.</P><P>Dan</P> Fri, 13 Apr 2018 22:48:27 GMT https://community.hpe.com/t5/operating-system-openvms/openvms-8-4-integrity-support-ressources/m-p/7002524#M104252 abrsvc 2018-04-13T22:48:27Z