ECO NUMBER: ALPLOAD02_062 PRODUCT: OpenVMS Alpha OPERATING SYSTEM 6.2 UPDATE PRODUCT: OpenVMS Alpha OPERATING SYSTEM 6.2 COVER LETTER 1 KIT NAME: ALPLOAD02_062 2 KITS SUPERSEDED BY THIS KIT: ALPLOAD02_070 for OpenVMS Alpha V6.2 only 3 KIT DESCRIPTION: 3.1 Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3 3.2 In order to receive the full fixes listed in this kit the following remedial kits also need to be installed: None 3.3 Files patched or replaced: o [SYSEXE]LOGINOUT.EXE (new image) o [SYSEXE]CIA.EXE (new image) o [SYSLIB]SECURESHR.EXE (new image) o [SYSLIB]SECURESHRP.EXE (new image) 4 PROBLEMS ADDRESSED IN ALPLOAD02_062 KIT o User account gets DISUSER flag set when no intrusions are present. 5 PROBLEMS ADDRESSED IN ALPLOAD02_070 KIT FOR OPENVMS ALPHA V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3 o After installing the ALPLOAD01_070 kit on V6.2 systems, logins were not possible. -- COVER LETTER -- Page 2 12 June 1997 6 PROBLEMS ADDRESSED IN ALPLOAD01_070 KIT FOR OPENVMS V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3 o The $GETUAI and $SETUAI services may return RMS record locked errors when attempting to access the SYSUAF. These errors will happen if the caller uses these services with a context block supplied (which keeps the SYSUAF open), and encounters a locked record for other than the initial call (because the RMS structures are not correctly re-initialized after the initial call). This problem is corrected in OpenVMS Alpha V7.0 7 PROBLEMS ADDRESSED IN ALPLOAD01_070 KIT FOR OPENVMS V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3 o Some logins are not correctly audited. o Users without WORLD privilege generate many "No WORLD priv" audits when logging in. 8 PROBLEMS ADDRESSED IN ALPLOAD01_070 KIT FOR OPENVMS V6.2, V6.2-1H1, V6.2-1H2, V6.2-1H3 o Proxy behavior is unpredictable. Sometimes they are inoperative and at other times access is given to an incorrect place. o Records in the old intrusion database can not be deleted. 9 PROBLEMS ADDRESSED IN ALPLOAD01_062 KIT o Five seconds after entering a password, the login is rejected. This problem is corrected in OpenVMS VAX V7.0. o Login attempt hangs for 30 seconds and then is rejected. This problem is corrected in OpenVMS VAX V7.0. -- COVER LETTER -- Page 3 12 June 1997 10 PROBLEMS ADDRESSED IN ALPLOGI02_070 KIT FOR OPENVMS ALPHA V6.2, V6.2-1H1, V6.2-1H2 o Users with an expired password, but with the DISFORCE_PWD_CHANGE flag set, are getting their password unexpired even though they do not set a new password. o Audit information about network sessions from TCP/IP connections doesn't contain remote host information. 11 PROBLEMS ADDRESSED IN ALPLOGI01_070 KIT FOR OPENVMS ALPHA V6.2, V6.2-1H1 o Intrusion records and audits from DECnet/OSI network connections have a username padded with characters. o A user typing meaningless characters, whitespace, or "/" in response to the USERNAME prompt receives a CLI error, and then successfully logs in has an intrusion and an incorrect audit generated. 12 PROBLEMS ADDRESSED IN ALPLOGI01_070 KIT OR OPENVMS ALPHA V6.2, V6.2-1H1 o When using item code SJC$_LOG_SPECIFICATION with SYS$SNDJBCW, OpenVMS V6.2 does not handle logical names like it used to under OpenVMS V6.1 or earlier. For example, Using "TEST" as the log file specification the command: $ DEFINE/SYSTEM TEST DEV1:[USER.TMP] gives the following results from $SNDJBC when executed from directory DEV1:[USER]: For OpenVMS V6.1 DEV1:[USER.TMP]jobname.LOG For OpenVMS V6.2: DEV1:[USER.TMP].LOG o When setting host into a DECnet PhaseV system the logical name SYS$REM_NODE incorrectly set. -- COVER LETTER -- Page 4 12 June 1997 13 KIT INSTALLATION RATING: The following kit installation rating, based upon current CLD information, is provided to serve as a guide as to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: INSTALL_3 : To be installed by customers experiencing the problems corrected. 14 INSTALLATION INSTRUCTIONS: Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt: @SYS$UPDATE:VMSINSTAL ALPLOAD02_062 [location of the saveset] The saveset location may be a tape drive, or a disk directory that contains the kit saveset. System should be rebooted after successful installation of the kit. If you have other nodes in your VMScluster, they should also be rebooted in order to make use of the new image(s). Copyright (c) Digital Equipment Corporation, 1997 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL DIGITAL BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.