Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.os.vms
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion VMS security vulnerability (POP server)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Phillip Helbig---remove CLOTHES to reply  
View profile  
 More options Jul 3 2007, 1:59 am
Newsgroups: comp.os.vms
From: hel...@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Date: Tue, 3 Jul 2007 05:59:39 +0000 (UTC)
Local: Tues, Jul 3 2007 1:59 am
Subject: Re: VMS security vulnerability (POP server)
Print | View thread | Show original | Report this message | Find messages by this author
Note that this was posted to the ovms-li...@openvms.org by Hoff:

From:   SMTP%"ovms-li...@openvms.org"  2-JUL-2007 21:50:28.68
To:     "Patch and Security Alerts" <ale...@openvms.org>
Subj:   [OVMS-Alert] TCP/IP Services POP3 Security Vulnerability Report in Wild

 From Stephen Hoffman, Hoffman Labs:

JF Mezei has posted details of a security vulnerability in
the OpenVMS TCP/IP Services POP3 implementation (current
versions) into the comp.os.vms newsgroup, reportedly after
contacting HP with the initial report of the
vulnerability. Mr Mezei indicates a local OpenVMS Alpha
system was targeted by a POP3 dictionary attack.

Remote IP-based POP3-based dictionary attacks appear
feasible against passwords using this vulnerability, and
no breakin evasion processing is performed.

I've posted a quick review of the newsgroup report and
some suggestions at the HoffmanLabs site:

  http://64.223.189.234/node/395

The original report is available here:

  http://groups.google.com/group/comp.os.vms/msg/8a42e91fe1e9cd36

It is unclear if other components of TCP/IP Services are
similarly afflicted.

_______________________________________________

NOTICE: Patches/Kits may not be available for several hours.  -KF
_______________________________________________
You are subscribed to: ale...@openvms.org
To subscribe: alerts-subscr...@openvms.org
To unsubscribe: alerts-unsubscr...@openvms.org

Send administrative queries to <alerts-requ...@openvms.org>

Please forward to friends and co-workers.

OpenVMS.org lists are not affiliated with HP.
OpenVMS is a trademark of HP.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google