Simon Clubley

Name of the Vulnerable Software and Affected Versions: OpenVMS versions prior to V8.4-2L2 on Alpha OpenVMS versions prior to V8.4-2L1 on IA64 VAX/VMS versions 4.0 and later Description: A malformed DCL command table may result in a buffer overflow, allowing a local privilege escalation when a non-privileged account enters a crafted command line. This issue is exploitable on VAX and Alpha and may cause a process crash on IA64. Recommendations: For OpenVMS versions prior to V8.4-2L2 on Alpha, update to version V8.4-2L2 or later to resolve the issue. For OpenVMS versions prior to V8.4-2L1 on IA64, update to version V8.4-2L1 or later to resolve the issue. For VAX/VMS versions 4.0 and later, consider restricting access to the DCL command table to minimize the risk of exploitation until a patch is available.