ECO NUMBER: VAXLOAD04_070 ----------- PRODUCT: OpenVMS VAX Operating System -------- UPDATED PRODUCT: OpenVMS VAX Operating System 7.0 ---------------- APPRX BLCK SIZE: 720 ---------------- COVER LETTER 1 KIT NAME: VAXLOAD04_070 2 KITS SUPERSEDED BY THIS KIT: VAXLOAD03_070 3 KIT DESCRIPTION: 3.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS VAX V7.0 3.2 In order to receive the full fixes listed in this kit the following remedial kits also need to be installed: None 3.3 Files patched or replaced: o [SYSEXE]CIA.EXE (new image) o [SYSEXE]LOGINOUT.EXE (new image) o [SYSLIB]SECURESHR.EXE (new image) o [SYSLIB]SECURESHRP.EXE (new image) 4 PROBLEMS ADDRESSED IN VAXLOAD04_070 KIT o Incorrect User Authorization failures when trying to log on to a system. 5 PROBLEMS ADDRESSED IN VAXLOAD03_070 KIT o User account gets DISUSER flag set when no intrusions are present. -- COVER LETTER -- Page 2 14 July 1997 6 PROBLEMS ADDRESSED IN VAXLOAD02_070 KIT FOR OPENVMS VAX V7.0 o After installation of the VAXLOAD01_070 kit on V7.0 systems, the system would hang during re-boot. 7 PROBLEMS ADDRESSED IN VAXLOAD01_070 KIT FOR OPENVMS VAX V7.0 o Proxy behavior is unpredictable. Sometimes they are inoperative and at other times access is given to an incorrect place. o Users without WORLD privilege generate many "No WORLD priv" audits when logging in. o Records in the old intrusion database can not be deleted. o Some logins are not correctly audited. 8 PROBLEMS ADDRESSED IN VAXLOGI02_070 KIT FOR OPENVMS VAX V7.0 o Audit information about network sessions from TCP/IP connections does not contain remote host information. 9 PROBLEMS ADDRESSED IN VAXLOGI02_070 KIT FOR OPENVMS V7.0 o Users with an expired password, but with the DISFORCE_PWD_CHANGE flag set, are getting their password unexpired even though they do not set a new password. 10 PROBLEMS ADDRESSED IN VAXLOGI01_070 KIT FOR OPENVMS VAX V7.0 o Problem with LGI callouts. o Intrusion records and audits from DECnet/OSI network connections have a username padded with characters. o A user typing meaningless characters, whitespace, or "/" in response to the USERNAME prompt receives a CLI error, and then successfully logs in has an intrusion and an incorrect audit generated. -- COVER LETTER -- Page 3 14 July 1997 11 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide as to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: 3 : To be installed by customers experiencing the problems corrected. 12 INSTALLATION INSTRUCTIONS: Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt: @SYS$UPDATE:VMSINSTAL VAXLOAD04_070 [location of the saveset] The saveset location may be a tape drive, or a disk directory that contains the kit saveset. No reboot is necessary after successful installation of this kit. If you have other nodes in your VMScluster, they should be rebooted or install this kit in each system in order to make use of the new image(s). Copyright (c) Digital Equipment Corporation, 1997 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL DIGITAL BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.