VMS V5 OS Addendum

          ______________________________________________________

                The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
          ____________________________________________________

                  I N F O R M A T I O N   B U L L E T I N
 
                   OpenVMS Security Patch #1084 Problems
                      Addendum to CIAC Advisory D-08
 
MAR 2, 1993  1400 PST                                          Number D-09
___________________________________________________________________________
PROBLEM:  Systems with security patch #1084 installed will not boot after
          performing certain system upgrades.
PLATFORM: VMS, OpenVMS VAX and SEVMS systems.
DAMAGE:   System security is not affected.
SOLUTION: Restore the old files before upgrading or apply a patch to the
          new IMAGE_MANAGEMENT.EXE file.
___________________________________________________________________________
          Critical Information about OpenVMS VAX Patch Problems

  CIAC has learned that applying specific system upgrades to VMS, OpenVMS VAX
and Security Enhanced VMS (SEVMS) systems that have been patched as described
in CIAC Advisory D-08 "Potential Vulnerability in VMS V5 and Derivative
Operating Systems, February 23, 1993" leaves those systems unable to boot.
The patch is #1084 and the specific upgrades are: V5.3 to V5.3-1; V5.3-1 to
V5.3-2; V5.5 to V5.5-2; V5.5-1 to V5.5-2.  All other upgrades are not affected.

  This patch's installation procedure leaves the old IMAGE_MANAGEMENT.EXE and
PAGE_MANAGEMENT.EXE files in the SYS$COMMON:[SYS$LDR] directory.  The system
can be restored for upgrade as long as these files have not been removed.
Prior to system upgrade, use the RENAME command to give the old files a higher
version number than the new files.  Otherwise, take the corrective action described
in addendum SSRT 02.25-01 (see below).  DEC requests that 02.25-01 be
redistributed intact.

========================== Begin DEC Addendum 02.25-01 ========================
SSRT 02.25 - 01       01.MAR.1993    Addendum Advisory
RE: SSRT 02.25 dated  23.FEB.1993

                SOURCE: Digital Equipment Corporation
                AUTHOR: Software Security Response Team
                        Colorado Springs, CO.
DESCRIPTION
------------
 Digital has received information concerning a problem while upgrading
 the OpenVMS VAX Version paths listed below.

OpenVMS VAX versions affected:
------------------------------
          upgrade paths  V5.3   to V5.3-1
                         V5.3-1 to V5.3-2
                         V5.5   to V5.5-2
                         V5.5-1 to V5.5-2

 A problem will occur during an upgrade to a system that previously installed
 the Security Kit identified as:

                        CSCPAT_1084010.A   (combined kit for all OpenVMS VAX
                                            Versions affected. DSNlink kit.)
                        VAXSYS01_U2053.A   OpenVMS V5.3, V5.3-1, V5.3-2
                        VAXSYS02_U2055.A   OpenVMS V5.5, V5.5-1, V5.5-2
NOTE:
*****
 All other applicable versions of OpenVMS VAX and their supported upgrade paths
 do not exhibit this symptom if the Security Kit (identified in an advisory
 SSRT 02.25 dated 23.FEB.1993) was installed before upgrading to the next
 higher version.

 The Security Kit must be re-applied after all OpenVMS VAX upgrades for V5.0
 through V5.5-2.   Digital recommends that until OpenVMS VAX V6.0 or OpenVMS
 AXP V1.5 is installed later this year, contact your Digital Services Support
 organization to obtain the most current version of the applicable Security
 Kit.

IMPACT
---------
 Anyone who upgrades from OpenVMS VAX V5.3 to V5.3-1, V5.3-1 to V5.3-2,
 V5.5 to V5.5-2, or V5.5-1 to V5.5-2 will experience an error directly related
 to having the Security Kit installed prior to the OpenVMS VAX upgrades listed
 above.  The system will fail to boot properly after the completion of the
 upgrade. 

SOLUTION
---------
 If you renamed the images replaced following the installation of the Security
 Kit, restore the saved images prior to upgrading OpenVMS VAX to the next
 higher release then re-apply the Security Kit.   The images replaced by
 the Security Kit identified above are:

                 PAGE_MANAGEMENT.EXE  &  IMAGE_MANAGEMENT.EXE
               and placed in the directory  SYS$COMMON:[SYS$LDR]
 
 WARNING: To prevent a similar problem ensure that no copies of the above
          images exist in the SYS$SPECIFIC:[SYS$LDR] directory.

 
 If the images replaced during the Security Kit installation cannot be restored
 prior to your upgrade, enter the commands (as indicated below) after your
 OpenVMS VAX upgrade completes.

**** IN EACH CASE, THE SOLUTION BELOW IS A POST OpenVMS VAX UPGRADE EVENT  ****

!For OpenVMS VAX V5.3 upgrade paths
!            V5.3   to V5.3-1
!            V5.3-1 to V5.3-2
!
! At the point where the OpenVMS upgrade process has completed:
! From the systems console invoke a conversational boot then enter the
! remaining commands as shown and follow the instructions for re-booting.

>>>
>>> B/1      !YOUR PARTICULAR BOOT FOR CONVERSATIONAL MODE MAY BE DIFFERENT
SYSBOOT> SET/START=OPA0:
SYSBOOT> C
$
$ set noon
$ set default [vms$common.sys$ldr]
$ patch/update=(1) image_management.exe
SET ECO 1
REPL/INST 0A0F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT

 Press the HALT button, reboot the system, and re-install the Security Kit and
 reboot again for the installation to become effective.

----------------------------------------------------------------------------

!For OpenVMS VAX V5.5 upgrade paths
!             V5.5   to V5.5-2
!             V5.5-1 to V5.5-2
!
! At the point where the OpenVMS upgrade process has completed:
! From the systems console invoke a conversational boot then enter the
! remaining commands as shown and follow the instructions for re-booting.

>>>
>>> B/1      !YOUR PARTICULAR BOOT FOR CONVERSATIONAL MODE MAY BE DIFFERENT
SYSBOOT> SET/START=OPA0:
SYSBOOT> C

$ set noon
$ set default [vms$common.sys$ldr]
$ patch/update=(1) image_management.exe
SET ECO 1
REPL/INST 0A2F='BISB2 #01,B^1F(SP)'
'NOP'
EXIT
UPDATE
EXIT
$

 Press the HALT button, reboot the system, and re-install the Security Kit and
 reboot again for the installation to become effective.
 -----------------------------------------------------------------------------
 Copyright (c) Digital Equipment Corporation, 1993 All Rights Reserved.
 Published Rights Reserved Under The Copyright Laws Of The United States.
=========================== End DEC Addendum 02.25-01 =========================

CIAC recommends that you follow the DEC advisory addendum if performing an
upgrade for the specific versions indicated.  If you need additional
information, contact Mr. Richard Boren of DEC's Software Security Response
Team (SSRT) at 719-592-4689.  CIAC wishes to thank Rich for supplying the
advisory used in this bulletin. 
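
A pre-upgrade check for the two conditions described above (old image
versions still present in SYS$COMMON:[SYS$LDR], and no copies in
SYS$SPECIFIC:[SYS$LDR]) can be scripted in DCL.  The procedure below is an
example added to this copy of the bulletin; it is not part of the CIAC or DEC
text.  It only lists and reports, and changes nothing on the system.

```dcl
$! PRE_UPGRADE_CHECK.COM  (added example; the file name is hypothetical)
$! Lists every version of the two images replaced by the Security Kit and
$! warns if a copy exists in the system-specific loadable-image directory.
$ SET NOON
$ IMAGES = "IMAGE_MANAGEMENT.EXE,PAGE_MANAGEMENT.EXE"
$ STRAY = 0
$ I = 0
$LOOP:
$ NAME = F$ELEMENT(I, ",", IMAGES)
$ IF NAME .EQS. "," THEN GOTO DONE      ! F$ELEMENT returns the delimiter past the end
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "Versions of ''NAME' in SYS$COMMON:[SYS$LDR]:"
$! More than one version listed means the pre-kit image is still available
$! to be restored before the upgrade.
$ DIRECTORY/DATE/SIZE SYS$COMMON:[SYS$LDR]'NAME';*
$! Per the WARNING in the addendum, no copy should exist here.
$ IF F$SEARCH("SYS$SPECIFIC:[SYS$LDR]''NAME'") .EQS. "" THEN GOTO NEXT
$ WRITE SYS$OUTPUT "WARNING: copy of ''NAME' found in SYS$SPECIFIC:[SYS$LDR]"
$ STRAY = STRAY + 1
$NEXT:
$ I = I + 1
$ GOTO LOOP
$DONE:
$ WRITE SYS$OUTPUT ""
$ IF STRAY .EQ. 0 THEN WRITE SYS$OUTPUT "No copies found in SYS$SPECIFIC:[SYS$LDR]."
$ IF STRAY .NE. 0 THEN WRITE SYS$OUTPUT "''STRAY' image(s) found in SYS$SPECIFIC:[SYS$LDR]; resolve before upgrading."
$ EXIT
```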

If you require additional assistance or wish to report a vulnerability,
call CIAC at (510) 422-8193 or send e-mail to ciac@llnl.gov.  FAX
messages to: (510) 423-8002.

For emergencies and off-hour assistance call 1-800-SKYPAGE and enter
PIN number 855-0070 (primary) or 855-0074 (secondary).

The CIAC Bulletin Board, Felicia, can be accessed at 1200 or 2400 baud
at (510) 423-4753 and 9600 baud at (510) 423-3331.  Previous CIAC
bulletins and other information are available via anonymous ftp from
irbis.llnl.gov (ip address 128.115.19.60).

PLEASE NOTE: Many users outside of the DOE and ESnet computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents.  Your agency's team will coordinate with CIAC.  The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization.  A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

This document was prepared as an account of work sponsored by an agency of
the United States Government.  Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately owned
rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government or the University of California.  The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes. 
