https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687388#M46216 <P>The version number of the VMS NTP server is — if it's actually the ISC version — ancient.</P><P>&nbsp;</P><P>I'd expect that the NTP server is vulnerable, and that it's likely best to ask HP support directly, respectively.</P><P>&nbsp;</P><P>In my opinion, it's usually best to firewall VMS acccess. &nbsp; &nbsp;VMS configurations commonly&nbsp;feature&nbsp;various other insecure transports. &nbsp; There's usually little reason to expose a VMS-based NTP server outside of the local network. &nbsp; &nbsp;There's no secure POP or IMAP support with TCP/IP Services, and SCS is wide open to anyone with a privileged network position, SMB/CIFS was pretty old, Apache is old and contains a known-insecure SSL implementation, etc.</P> Mon, 22 Dec 2014 20:02:38 GMT Hoff 2014-12-22T20:02:38Z https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687355#M46215 <P>With the recent notice concerning NTP is HP TCPIP on OpenVMS vulnerable and if it is, will the be a patch?</P><P>&nbsp;</P><P><A href="https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01" target="_blank">https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01</A></P> Mon, 22 Dec 2014 18:22:59 GMT https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687355#M46215 Peter Zeiszler 2014-12-22T18:22:59Z https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687388#M46216 <P>The version number of the VMS NTP server is — if it's actually the ISC version — ancient.</P><P>&nbsp;</P><P>I'd expect that the NTP server is vulnerable, and that it's likely best to ask HP support directly, respectively.</P><P>&nbsp;</P><P>In my opinion, it's usually best to firewall VMS acccess. &nbsp; &nbsp;VMS configurations commonly&nbsp;feature&nbsp;various other insecure transports. &nbsp; There's usually little reason to expose a VMS-based NTP server outside of the local network. &nbsp; &nbsp;There's no secure POP or IMAP support with TCP/IP Services, and SCS is wide open to anyone with a privileged network position, SMB/CIFS was pretty old, Apache is old and contains a known-insecure SSL implementation, etc.</P> Mon, 22 Dec 2014 20:02:38 GMT https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687388#M46216 Hoff 2014-12-22T20:02:38Z https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687408#M46217 <P>Luckily we are behind firewalls and such. &nbsp;Just wondering if I needed to find a new patch to upload to systems and if anyone else had heard anything about it. &nbsp;Today's alerts was the first I heard about it. &nbsp;I know about the older protocols and apache.&nbsp;</P> Mon, 22 Dec 2014 21:23:18 GMT https://community.hpe.com/t5/operating-system-openvms/hp-tcpip-vulnerable/m-p/6687408#M46217 Peter Zeiszler 2014-12-22T21:23:18Z