Updated: 24-SEP-2003 (Use your browsers' Reload button to ensure you're viewing the most recent version)
CSCPAT_1084 Security & Page Management ECO Summary
Copyright (c) Digital Equipment Corporation 1994. All rights reserved.
Modification Date: 09-NOV-2001
Modification Type: Note added regarding this kit is no longer
available through SSB.
OP/SYS: OpenVMS VAX
OpenVMS AXP
COMPONENT: System Security
SOURCE: Digital Equipment Corporation
ECO INFORMATION:
CSCPAT Kit: CSCPAT_1084 V1.8 (CSCPAT_1084018)
CSCPAT Kit Size: 1638 blocks
Engineering Cross Reference: VAXSMUP01_U2055
VAXSYS01_U3054
VAXSYS02_U2055
VAXSYS01_U2053
VAXSYS01_U2052
VAXSYS01_U2051
VAXSYS01_U2050
AXPSYS02_010
Kit Applies To: OpenVMS VAX V5.0, V5.0-1, V5.0-2, V5.1, V5.1-B,
V5.1-1, V5.2, V5.2-1, V5.3, V5.3-1,
V5.3-2, V5.4, V5.4-1, V5.4-2,
V5.4-3, V5.5, V5.5-1, V5.5-2, V5.5-2H4,
V5.5-2HW
OpenVMS AXP V1.0
NOTE: The installation of this kit will fail on systems
running OpenVMS VAX V5.4-3, V5.5, V5.5-1 and V5.5-2
if the Security MUP3 is installed. This failure is
due to the fact that the Security MUP3 has newer images.
System Reboot Necessary: Yes
NOTES: The difference between V1.7 and V1.8 of CSCPAT_1084 is
a correction to one of the installation files. A
success status was not being returned correctly
with the V1.7 kit.
The difference between V1.6 and 1.7 of CSCPAT_1084 is
that the fixes for OpenVMS AXP V1.5 have been moved
to CSCPAT_2017 and have been taken out of this ECO kit.
The difference between V1.5 and V1.6 of CSCPAT_1084
is the addition in the kit Release Notes of a
post-installation COPY command for SEVMS. This command
is also included in this article in the INSTALLATION
NOTES section.
The difference between V1.2 and V1.3 of CSCPAT_1084
is some additional OpenVMS AXP fixes. If you applied
CSCPAT_1084 V1.2 on your OpenVMS VAX V5.0 - V5.5-2
system, or upgraded to OpenVMS VAX V6.0, you do not need
V1.3 of CSCPAT_1084.
The difference between V1.3 and V1.4 of CSCPAT_1084
is the ability to install the kit on any flavor of OpenVMS
VAX V5.5-2 (i.e., 5.5-2H4 or 5.5-2HW). If you applied
CSCPAT_1084 V1.2 on your OpenVMS VAX V5.0 - V5.5-2
system, or upgraded to OpenVMS VAX V6.0, you do not need
V1.4 of CSCPAT_1084.
CSCPAT_1084 replaces CSCPAT_0197 V1.2 for OpenVMS VAX
V5.4 - V5.4-3, and CSCPAT_1069 V1.0 for OpenVMS VAX
V5.5 - V5.5-2. Fixes for V5.4 - V5.5-2 from these
earlier kits are contained in this kit. Currently,
there are no plans to include the fixes for V5.0
through V5.3-2 from these earlier kits.
***********************************************************************
* NOTE *
* *
* THIS KIT IS NO LONGER AVAILABLE THROUGH SSB. *
* *
***********************************************************************
ECO KIT SUMMARY:
An ECO kit exists for OpenVMS VAX V5.0 through V5.5-2 and
OpenVMS AXP V1.0. This kit addresses the following problems:
o There is a potential security vulnerability in the OpenVMS VAX
and OpenVMS AXP operating systems. This potential vulnerability
may further be exploited in the form of a malicious program that
may allow authorized but unprivileged users to obtain all system
privileges, potentially giving the unprivileged user control of
your OpenVMS system and data.
This problem is fixed in OpenVMS VAX V5.5-2H4 and V6.0 and
OpenVMS AXP V1.5.
NOTE: OpenVMS VAX V5.5-2H4 is a limited hardware release,
shipped only with the new systems (or system upgrades)
listed below. It is not separately orderable and will not
be distributed via Consolidated Distribution.
o VAX 4000 Model 100A
o VAX 4000 Model 500A
o VAX 4000 Model 600A
o VAX 4000 Model 700A
o A system crashes with a SSRVEXCEPT bugcheck at MMG$DELPAG+00224
on an TSTB (R2) instruction when an attempt to fault a P0 image
is made at the same time a SYSTEM-F-PAGEREDERR occurs.
************************** WARNING ***************************
* *
* The installation of this kit (CSCPAT_1084) will fail on *
* systems running OpenVMS VAX V5.4-3, V5.5, V5.5-1 and V5.5-2 *
* on which the Security MUP3 has been installed. This is due *
* to the fact that the Security MUP3 has newer images than *
* this kit. *
* *
* This fix was, however, not included in the Security MUP3, *
* and OpenVMS Engineering has stated that it has no plans *
* to update the Security MUP3 to include this fix. It *
* recommends that if you are experiencing this problem on *
* your system, you should update your system to OpenVMS *
* VAX V6.0. *
* *
****************************************************************
This problem is fixed in OpenVMS VAX V6.0.
o When using the $CRMPSC system service to create a permanent
global section, the call is made without the use of the INADR
argument. The section is mapped to the process and the process
region is expanded to accommodate this mapping.
This problem is fixed in OpenVMS VAX V6.0.
o A process with a working set size at or above WSQUOTA is unable
to expand its working set to WSEXTENT (working set extent), even
though there is ample free memory. This causes excessive paging
and slows down both the process and possibly the entire system.
This problem does NOT occur if the working set size is below
WSQUOTA.
This problem is fixed in OpenVMS VAX V5.4-3.
RELATED ARTICLES:
Detailed articles describing the problems listed above may exist in
the OPENVMS database. To view these articles, open the appropriate
product database and perform a query using either of the following
search strings: 'CSCPAT_1084' or 'VAXSMUP'.
ECO KIT ORDERING INSTRUCTIONS:
If after an evaluation you wish to obtain this kit, request it
electronically using the appropriate Advanced Electronic Services
(AES) Service Tool. If you are not familiar with how to request
kits electronically, open the DIA, WIS or DSNLINK database and
review the article entitled:
[AES] How To Electronically Request ECO Kits Using Service Tools
INSTALLATION NOTES:
In order for the corrections in this kit to take effect, the kit must
be installed on every system disk in your cluster. This installation
requires that you reboot the cluster/system.
NOTE: For SEVMS systems only, please issue the following command
$ COPY/LOG SYS$COMMON:[SYS$LDR]PAGE_MANAGEMENT.EXE -
_$ SYS$SYSROOT:[SEVMS$SAVED]
after the completion of the installation of this kit.
==========================================================================
| Table of Kit Image Information |
+----------------------------+----------+-----------------+--------------+
| | Overall | Image File | Image Link |
| Image Name | Checksum | Identification | Date/Time |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X46E9C1F5| X-21 | 5-APR-1993 |
| OpenVMS VAX V5.0-2 | | 18:41:10.34 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XB2FD678B| X-21 | 5-APR-1993 |
| OpenVMS VAX V5.1-1 | | 18:41:58.66 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X5D9650CA| X-21 | 10-MAR-1993 |
| OpenVMS VAX V5.2-1 | | 16:04:08.68 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X5D9650CA| X-21 | 10-MAR-1993 |
| OpenVMS VAX V5.3 | | 01:47:10.54 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XA92CB5DD| X-21 | 10-MAR-1993 |
| OpenVMS VAX V5.3-1 | | 16:36:01.84 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XA92CB5DD| X-21 | 10-MAR-1993 |
| OpenVMS VAX V5.3-2 | | 01:42:13.70 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XEECDAF0F| X-24 | 30-MAR-1993 |
| OpenVMS VAX V5.4 | | 13:16:27.04 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XEECDAF0F| X-24 | 30-MAR-1993 |
| OpenVMS VAX V5.4-1 | | 15:23:05.57 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XEECDAF0F| X-24 | 30-MAR-1993 |
| OpenVMS VAX V5.4-2 | | 13:42:24.07 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%XAC495D11| X-24 | 30-MAR-1993 |
| OpenVMS VAX V5.4-3 | | 13:18:59.16 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X350CE269| X-24 | 9-MAR-1993 |
| OpenVMS VAX V5.5 | | 20:18:39.06 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X350CE269| X-24 | 9-MAR-1993 |
| OpenVMS VAX V5.5-1 | | 20:18:39.06 |
+----------------------------+----------+-----------------+--------------+
| PAGE_MANAGEMENT.EXE |%X710757A2| V552R05 | 9-MAR-1993 |
| OpenVMS VAX V5.5-2 | | 20:11:34.58 |
+----------------------------+----------+-----------------+--------------+
| IMAGE_MANAGEMENT.EXE | 1F090CB0 | ALPHA X5F7-SSB | 22-FEB-1993 |
| OpenVMS AXP V1.0 | | 13:25:29.24 |
+----------------------------+----------+-----------------+--------------+
| SYS$VM.EXE | 78373B28 | ALPHA X5F7-SSB | 29-APR-1993 |
| OpenVMS AXP V1.0 | | 10:13:46.03 |
+----------------------------+----------+-----------------+--------------+
|
