- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2010 03:30 PM
тАО07-06-2010 03:30 PM
MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
The brief description of this OpenVMS MUP states that when using the
SHOW PROCESS/CONTINUOUS command, there can be "local disclosure of information".
Does this MUP correct unintended display of system information only? Is there a nastier reason that would warrant installing this MUP?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2010 07:17 PM
тАО07-06-2010 07:17 PM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
You can find the details of the patch at the following location -
* patch details: VMS831H1I_SYS_MUP-V1100
http://www11.itrc.hp.com/service/patch/patchDetail.do?patchid=VMS831H1I_SYS_MUP-V1100&sel={openvms:i64:8.3-1h1,}&BC=main|search|
As per the patch details -
>>5.2.1 A potential security vulnerability has been fixed with HP OpenVMS
>> Auditing
>> The vulnerability could result in a local disclosure of information.
This is related to OpenVMS Audit logfile information disclosure.
If a user logs in with a invalid password for a number of times, then he would
be marked as a intruder. However the break-in logs would contain invalid
password in the password field.
The fix was to replace the invalid password with the text "
>> 5.2.3 SHOW PROCESS/CONTINUOUS Command can cause undesired
>> behavior on OpenVMS I64 System
This was related to a problem where the system would crash when the
DCL "$SHOW PROCESS/CONTINUOUS" command was being executed.
>> Is there a nastier reason that would warrant installing this MUP?
Does not look like.
Based on the above information, you need to decide whether its important for
this patch to be installed in your environment.
Hope this helps.
Regards,
Murali
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2010 09:25 PM
тАО07-06-2010 09:25 PM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
thank you very much for the additional details of the 'local disclosure of information'. Note that this 'disclosure' most likely does exist since OpenVMS V1.0, so it was a design decision to display the passwords under these circumstances. You need privileges or access to a privileged terminal to view this data.
This information should help the system managers to decide, whether to install this MUP patch.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-07-2010 05:59 AM
тАО07-07-2010 05:59 AM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
Please take particular note of 5.2.3 in Murali's post.
Potential crashes that have not yet been experienced tend to be discounted. Unfortunately, Murphy's Law applies. Additionally, there are frequently other ways of encountering the problem.
Scheduled updates are generally easier to deal with than an unexpected encounter with the problem.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-07-2010 07:32 AM
тАО07-07-2010 07:32 AM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-07-2010 07:37 AM
тАО07-07-2010 07:37 AM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
Please refer the following link which says how you can thank the forum -
http://forums11.itrc.hp.com/service/forums/helptips.do?#28
Regards,
Murali
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 03:00 PM
тАО07-11-2010 03:00 PM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
So here's what you get when you eliminate much of the history/memory of your engineering team!
My recollection is that what appears to have been changed was a deliberate feature of intrusion detection and evasion.
*Suspect* usernames and passwords were obscured in audit alarms and journal, on the assumption that a common error for a geniune login error for an authorized user would be for the username and/or password to contain sufficient information to guess the real password.
However, once there were sufficient attempts to become an intruder, it's unlikely to be a real error, so both usernames and passwords were logged in clear text. Since the audit journal requires privileged access, it's not such a big deal that a password might be revealed, as anyone who can read it can reset passwords anyway. Second, it allows the system manager to analyze intrusion attempts to determine the nature of the attack (which I've used a few times).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 03:48 PM
тАО07-11-2010 03:48 PM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
This is (was) documented and intentional behavior within OpenVMS security mechanisms, and was designed to allow any particular password selections or break-in techniques being utilized by the intruder to be identified. Specifically, if this was a dictionary attack or something targeted to the user or the group or the server or the organization.
Here's a quick reference:
http://h71000.www7.hp.com/doc/84final/6048/6048pro_008.html
Additionally (and with rather more clarity) "Passwords used in break-in attempts are not displayed on security operator terminals, but they are logged to the security audit log file and can be displayed with the Audit Analysis utility." from page 325 here:
http://h71000.www7.hp.com/doc/732final/aa-q2hlg-te/aa-q2hlg-te.pdf
The decision to send these break-in passwords (just) to the auditing database and not to alarms (where viewing was not controlled) was also deliberate, as was the decision to send along cleartext passwords for an intruder and not for suspects.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2010 05:35 AM
тАО07-12-2010 05:35 AM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2010 08:19 AM
тАО07-12-2010 08:19 AM
Re: MUP VMS831H1I_SYS_MUP-V1100 - how critical is this?
>is a deliberate change in policy.
Ian - Really? Was the change in policy before or after the code change?
If this really was a change in policy, why was the change in policy not documented as such? Why was this presented as a "Problem corrected" and then a MUP issued?
If the intent was to change a well known behavior it should have been clearly documented as a change in behavior.
Brad McCusker
Software Concepts International
www.sciinc.com
Software Concepts International