Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
OpenVMS
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security=== OpenVMS provides various security features and mechanisms, including security identifiers, resource identifiers, subsystem identifiers, [[Access control list|ACLs]], [[intrusion detection]] and detailed security auditing and alarms.<ref name="guide-to-system-security">{{cite web|url=https://vmssoftware.com/docs/VSI_System_Security_Manual.pdf|title=VSI OpenVMS Guide to System Security|date=December 2019|access-date=April 26, 2021|publisher=VSI}}</ref> Specific versions evaluated at [[Trusted Computer System Evaluation Criteria]] Class C2 and, with the SEVMS security enhanced release at Class B1.<ref>National Computer Security Center (NCSC) Trusted Product Evaluation List (TPEL)</ref> OpenVMS also holds an ITSEC E3 rating (see [[National Computer Security Center|NCSC]] and [[Common Criteria]]).<ref>{{cite web|url=https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04621379|title=HP OpenVMS Guide to System Security|publisher=Hewlett Packard|date=September 2003|access-date=October 21, 2021}}</ref> Passwords are hashed using the [[George B. Purdy#The Purdy polynomial|Purdy Polynomial]]. ====Vulnerabilities==== * Early versions of VMS included a number of privileged user accounts (including <code>SYSTEM</code>, <code>FIELD</code>, <code>SYSTEST</code> and <code>DECNET</code>) with default passwords which were often left unchanged by system managers.<ref>{{cite journal|last1=Green|first1=James L.|last2=Sisson|first2=Patricia L.|title=The "Father Christmas" Worm|journal=12th National Computer Security Conference Proceedings|date=June 1989|url=https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/19920019024.pdf|accessdate=November 23, 2015|ref=green1989}}</ref><ref>{{cite web|url=https://www.giac.org/paper/gsna/176/security-audit-openvms-internal-auditors-perspective/106696|title=Security Audit on OpenVMS: An Internal Auditor's Perspective|date=November 2004|author=Kevin Rich|publisher=SANS Institute|access-date=July 21, 2021}}</ref> A number of [[computer worm]]s for VMS including the [[WANK (computer worm)|WANK worm]] and the [[Father Christmas (computer worm)|Father Christmas worm]] exploited these default passwords to gain access to nodes on DECnet networks.<ref>{{cite web|url=https://www.youtube.com/watch?v=Xf7gVma6_3g |archive-url=https://ghostarchive.org/varchive/youtube/20211211/Xf7gVma6_3g| archive-date=December 11, 2021 |url-status=live|title=DEFCON 16: Hacking OpenVMS|date=January 20, 2011|author1=Claes Nyberg|author2=Christer Oberg|author3=James Tusini|website=[[YouTube]]|access-date=July 21, 2021}}{{cbignore}}</ref> This issue was also described by [[Clifford Stoll]] in ''[[The Cuckoo's Egg (book)|The Cuckoo's Egg]]'' as a means by which [[Markus Hess]] gained unauthorized access to VAX/VMS systems.<ref>{{cite book |last1=Stoll |first1=Clifford |title=The Cuckoo's Egg : tracking a spy through the maze of computer espionage |date=1989 |publisher=Doubleday |location=New York |isbn=0-385-24946-2 |edition=1st}}</ref> In V5.0, the default passwords were removed, and it became mandatory to provide passwords for these accounts during system setup.<ref name="vms-5.0-rel-notes" /> * A 33-year-old vulnerability in VMS on VAX and Alpha was discovered in 2017 and assigned the CVE ID {{CVE|2017-17482}}. On the affected platforms, this vulnerability allowed an attacker with access to the DCL command line to carry out a [[privilege escalation]] attack. The vulnerability relies on exploiting a [[buffer overflow]] bug in the DCL command processing code, the ability for a user to interrupt a running image (program [[executable]]) with {{kbd|CTRL/Y}} and return to the DCL prompt, and the fact that DCL retains the privileges of the interrupted image.<ref>On the internal workings of the CTRL-Y mechanism, see: OpenVMS AXP Internals and Data Structures, Version 1.5, sections 30.6.5.1 (CTRL/Y Processing) and 30.6.5.4 (CONTINUE Command) at pp. 1074β1076.</ref> The buffer overflow bug allowed [[shellcode]] to be executed with the privileges of an interrupted image. This could be used in conjunction with an image installed with higher privileges than the attacker's account to bypass system security.<ref>{{cite web|title=Ghost in the DCL shell: OpenVMS, touted as ultra reliable, had a local root hole for 30 years|url=https://www.theregister.com/2018/02/06/openvms_vulnerability/|date=February 6, 2018|access-date=January 13, 2021|author=John Leyden|website=theregister.com}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)