Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

HP TCPIP vulnerable?

Peter Zeiszler
Trusted Contributor

HP TCPIP vulnerable?

With the recent notice concerning NTP is HP TCPIP on OpenVMS vulnerable and if it is, will the be a patch?

 

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01

2 REPLIES
Hoff
Honored Contributor

Re: HP TCPIP vulnerable?

The version number of the VMS NTP server is — if it's actually the ISC version — ancient.

 

I'd expect that the NTP server is vulnerable, and that it's likely best to ask HP support directly, respectively.

 

In my opinion, it's usually best to firewall VMS acccess.    VMS configurations commonly feature various other insecure transports.   There's usually little reason to expose a VMS-based NTP server outside of the local network.    There's no secure POP or IMAP support with TCP/IP Services, and SCS is wide open to anyone with a privileged network position, SMB/CIFS was pretty old, Apache is old and contains a known-insecure SSL implementation, etc.

Peter Zeiszler
Trusted Contributor

Re: HP TCPIP vulnerable?

Luckily we are behind firewalls and such.  Just wondering if I needed to find a new patch to upload to systems and if anyone else had heard anything about it.  Today's alerts was the first I heard about it.  I know about the older protocols and apache.