From: MERC::"uunet!CRVAX.SRI.COM!RELAY-INFO-VAX" 25-FEB-1993 21:47:17.90 To: Info-VAX@KL.SRI.COM CC: Subj: Re: CERT Advisory: OpenVMS and OpenVMS AXP Vulnerability In article <10952133@MVB.SAIC.COM> "McMahon,Brian D" writes: >Eberhard Heuser-Hofmann writes: > >> I think it's meaningful to get this special patch via >> the gatekeeper-server!! > >*** HEATERS ON FULL *** > >ABSOLUTELY NOT!!! > >Making this patch available for worldwide FTP is a *BAD* idea! It would >COMPLETELY INVALIDATE the care taken not to disclose the exact nature of >the vulnerability until system managers have had a chance to correct the >problem! I assure you, within hours of the patch being posted, cyberpunks >all over the world will be happily disecting the patch kit to deduce the >hole it fixes. > >No, no, a thousand times NO! > >Please, DEC, don't compromise your customers' security! > >*** HEATERS OFF *** Yeah, right. The patch kit contains new copies of sys$loadable_images:image_management.exe and page_management.exe, as well as sys$vm.exe for V1.0 AXP. Oops, I've let the cat out of the bag. Cyberpunks all over the world will be happily disecting those files to deduce what holes are present in them. >Brian McMahon (BDM13) >Postmaster / Acad. Software Support Grinnell College Computer Services >Grinnell, Iowa 50112 USA Voice: +1 515 269 4901 Fax: +1 515 269 4936 Darrin -- M Darrin Chaney, Senior Database Programmer, University Computing Services, IU mdchaney@indiana.edu 1000 E 17th St. Work: (812)855-5492 mdchaney@iubacs.bitnet Bloomington, IN 47408 Home: (812)333-6311 "I want- I need- to live, to see it all..."