From:	MERC::"uunet!WKUVX1.BITNET!MacroMan" 24-FEB-1993 16:32:39.98
To:	MACRO32@WKUVX1.BITNET
CC:	
Subj:	Security hole in OpenVMS

In comp.security.announce, they've announced a security hole in OPenVMS for
both the VAX and AXP versions.
The problem is in OpenVMS V5.0 through V5.5-2 and OpenVMS AXP V1.0.  Fixed in
OpenVMS V6.0 and OpenVMS AXP V1.5.
The product numbers of the kits to fix the problem are:

                VAXSYS01_U2050   VMS V5.0, V5.0-1, V5.0-2
                VAXSYS01_U1051   VMS V5.1
                VAXSYS01_U1052   VMS V5.2
                VAXSYS01_U2053   VMS V5.3 thru V5.3-2
                VAXSYS01_U3054   VMS V5.4 thru V5.4-3
                VAXSYS02_U2055   OpenVMS V5.5 thru V5.5-2
                AXPSYS01_010     OpenVMS AXP V1.0
The bug is described rather vaguely as one that allows an unprivileged user to
obtain all privs.
--------------------------------------------------------------------------------
Carl J Lydick | INTERnet: CARL@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL

Disclaimer:  Hey, I understand VAXen and VMS.  That's what I get paid for.  My
understanding of astronomy is purely at the amateur level (or below).  So
unless what I'm saying is directly related to VAX/VMS, don't hold me or my
organization responsible for it.  If it IS related to VAX/VMS, you can try to
hold me responsible for it, but my organization had nothing to do with it.