Cover Letter for the OpenVMS DCL Security Mandatory Update
5991-4448
November 2005

Dear HP OpenVMS Customer,

HP has determined that a potential security vulnerability has been identified with HP OpenVMS. This vulnerability could be exploited by a local non-privileged user to cause a Denial of Service (DoS) by crashing the system.

SUPPORTED SOFTWARE VERSIONS impacted:

  HP OpenVMS Integrity V8.2-1
  HP OpenVMS Integrity V8.2
  HP OpenVMS Alpha V7.3-2
  HP OpenVMS Alpha V8.2

Note: OpenVMS Alpha customers who are not running V7.3-2 or V8.2 should upgrade to one of those supported versions and apply the appropriate MUP.

RESOLUTION:

To resolve this potential security vulnerability, HP is providing a Mandatory Update Patch (MUP) for OpenVMS Integrity and OpenVMS Alpha customers. The MUP is provided in kits to be downloaded from the ITRC, and these MUPs are also included in update media kits.

To download the MUP from the ITRC:

- Go to <http://www2.itrc.hp.com/service/cki/enterService.do>.
- Enter the kit name from this list:
    VMS732_MUP-V0100
    VMS82A_MUP-V0100
    VMS82I_MUP-V0100
    VMS821I_MUP-V0100
- Search.
- Follow the ITRC instructions to download the MUP.

The MUP is included in the following update kits. These update kits are delivered on the Integrity quarterly update CD and on the Alpha Software Product Library consolidated disk #1. Note: There is no V8.2-1 UPDATE kit.

  VMS732_UPDATE-V0500
  VMS82A_UPDATE-V0100
  VMS82I_UPDATE-V0100

These MUP kits are also delivered on the OpenVMS Integrity Operating Environment quarterly update Media kit.

- [DCLMUP_I64.KITS] contains the binary files.
- [DCLMUP_I64.DOCUMENTATION] contains installation instructions.

For Alpha, these MUP kits are on Software Product Library consolidated disk #1.

Note: During installation of the MUP from CD, a message stating that a system reboot is needed will be displayed. This message can be safely ignored; you are protected as soon as the kit is installed.
Kits installed from the ITRC site will not display the message.

The HP OpenVMS Alpha DCL MUP kits for supported versions are listed in the table below. The DCL MUP kits and installation instructions are delivered on consolidated disk #1.

- [DCLMUP_ALPHA.KITS] contains the binary files.
- [DCLMUP_ALPHA.DOCUMENTATION] contains installation instructions.

These kits are provided as self-extracting DCX compressed kits (Alpha). To expand a file to the installable .PCSI file, RUN the compressed file. Refer to Section 7 "Installation Instructions" in the accompanying documentation for additional information on kit installation.

OS Version          Mandatory Update Files in [DCLMUP_ALPHA.KITS]
HP OpenVMS V7.3-2   VMS732_MUP-V0100.PCSI-DCX_AXPEXE
HP OpenVMS V8.2     VMS82A_MUP-V0100.PCSI-DCX_AXPEXE

OS Version          Installation Instructions in [DCLMUP_ALPHA.DOCUMENTATION]
HP OpenVMS V7.3-2   VMS732_MUP-V0100.TXT
HP OpenVMS V8.2     VMS82A_MUP-V0100.TXT