From:	MERC::"uunet!CRVAX.SRI.COM!RELAY-INFO-VAX" 27-FEB-1993 02:49:05.92
To:	Info-VAX@KL.SRI.COM
CC:	
Subj:	Re: CERT Advisory: OpenVMS and OpenVMS AXP Vulnerability

In article <C30usz.5rC@usenet.ucs.indiana.edu>, mdchaney@fractal.ucs.indiana.edu (M Darrin Chaney) writes...
# 
#Yeah, right.
# 
#The patch kit contains new copies of
#sys$loadable_images:image_management.exe and page_management.exe, as
#well as sys$vm.exe for V1.0 AXP.  Oops, I've let the cat out of the bag.
#Cyberpunks all over the world will be happily disecting those files to
#deduce what holes are present in them.

Yeah, and if you spend more than a minute you might realize that the
page_management stuff is old bugfixes.  The security stuff is the
image_management replacement.  If you're even bright you'll figure
out what part in the sys$vm.exe (axp) does the same as what part in
the image_management.exe that was changed.  

I'll even throw old Ray a bone: process_isd_list incorporates extra
checks.  Now if only somone will tell me what (31)sp is...

#	Darrin
#-- 
#M Darrin Chaney, Senior Database Programmer, University Computing Services, IU
#mdchaney@indiana.edu             1000 E 17th St.             Work: (812)855-5492
#mdchaney@iubacs.bitnet           Bloomington, IN 47408       Home: (812)333-6311
#"I want- I need- to live, to see it all..."

	Ehud

--
Ehud Gavron        (EG76)     
gavron@aces.com