Security Patch Kit DCL100 Available
VMS Software, Inc. (VSI), released a patch kit for all versions of OpenVMS to address a potential security vulnerability. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation in non-privileged accounts. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. All versions of VMS and OpenVMS after and including VAX/VMS 4.0 are affected.
Click here to download the security announcement from VSI's VP of SW Engineering, Eddie Orcutt.