CVE-2008-5417

Name of the Vulnerable Software and Affected Versions HP DECnet-Plus version 8.3 before ECO03 for OpenVMS on the Alpha platform

Description The issue allows local users to bypass intended access restrictions and modify the OSIT$NAMES logical name table due to world-writable permissions. This can be achieved via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.

Recommendations For HP DECnet-Plus version 8.3 before ECO03, update to ECO03 or later to resolve the issue. As a temporary workaround, consider restricting access to the SYS$CRELNM and SYS$DELLNM system services to minimize the risk of exploitation.