tada@athena.mit.edu (Michael Zehr) (04/01/88)
Today I arrived in my office to find two, count 'em two tapes from DEC. Both of them said "VAX/VMS-MICROVMS V4 MUP TK50". Both of came with a "you must install this to fix a security problem" letter. I recall getting something like this summer/fall/a-while-ago. Typically, my reaction would be: okay, access to our systems is pretty well controlled, but i might as well install this stuff anyway. But, there are a few reasons why I'm hesitating. Our software upgrade service was stuck for a while and recently became unstuck (we only recently got C 3.2 and VMS 4.7 -- we're still waiting for VMS 4.6) and it's possibly that we should have gotten these a while ago but didn't. (I hunted down the old cover letter for the old security update, and the code on it is different, but it could just be re-packaged.) Also, the sort of work we've been doing of late requires a number of batch jobs to be running all the time, and they'd all have to be restarted after the install and reboot, and i'd have to coordinate it with all the different project people. So... my question is, is this a New Thing? Or and Old Thing? And does anyone know whether it's really essential or not? Thanks for any help. Oh, by the way, the tape number is AQ-LD66A-BE and the letters that came with it are AV-LS14A-TE and AV-LD72A-TE it that helps anyone figure out what these are... ------- michael j zehr "My opinions are my own ... as is my spelling."
dhunt%nasamail@AMES.ARC.NASA.GOV (DOUGLAS B. HUNT) (04/04/88)
Yes -- it is very important that those patches be applied. Contact your DEC representative to determine what the nature of the problems are. doug hunt NASA Automated Information Security Program Manager "haven't had my own opinions for some time ............."
SHAVA@ISIS.MIT.EDU (04/06/88)
From: ISIS::SHAVA 5-APR-1988 14:06
To: IN%"tada@athena.mit.edu",SHAVA
Subj: RE: VMS Security Update
My understanding is that this update is a new thing. Due to the futzing
around (I refuse to use the term hacking in this sense!!) of the Chaos
Computer Club in Munich (?), a hole in vms security was found that may allow
non-privileged users to crash the system. *THIS IS A RUMOR* I don't have
any one place that I have gotten a whole story from. However, the release
notes recommend highly, and I tend to agree, that you install the security
update.
Shava
{if this were official, I'd still be down in legal getting it approved...}