OpenVMS VAXLOAD03_062 VAX V6.2 LOGINOUT/Security Server ECO Summary

NOTE: An OpenVMS saveset or PCSI installation file is stored on the Internet in a self-expanding compressed file. The name of the compressed file will be kit_name-dcx_vaxexe for OpenVMS VAX or kit_name-dcx_axpexe for OpenVMS Alpha. Once the file is copied to your system, it can be expanded by typing RUN compressed_file. The resultant file will be the OpenVMS saveset or PCSI installation file which can be used to install the ECO. Copyright (c) Digital Equipment Corporation 1996, 1997. All rights reserved. PRODUCT: OpenVMS VAX COMPONENT: Security CIA.EXE LOGINOUT.EXE SECURESHR.EXE SECURESHRP.EXE SOURCE: Digital Equipment Corporation ECO INFORMATION: ECO Kit Name: VAXLOAD03_062 ECO Kits Superseded by This ECO Kit: VAXLOAD02_062 VAXLOAD02_070 (For OpenVMS VAX V6.2 *ONLY*) VAXLOAD01_070 VAXLOAD01_062 VAXLOGI02_070 VAXLOGI01_070 VAXLOGI01_062 ECO Kit Approximate Size: 720 Blocks Kit Applies To: OpenVMS VAX V6.2 System/Cluster Reboot Necessary: No Installation Rating: 3 - To be installed on all systems running the listed versions of OpenVMS which are experiencing the problems described. NOTE: In order to receive the full fixes listed in this kit, the following remedial kits also need to be installed: None. ECO KIT SUMMARY: An ECO kit exists for various security components on OpenVMS VAX V6.2. Problems Addressed in the VAXLOAD03_062 ECO Kit: o Incorrect user authorization failures occur during login attempts. Problems Addressed in the VAXLOAD02_062 ECO Kit: o The DISUSER flag gets set on a user account when no intrusions are present. Problems Addressed in the VAXLOAD01_070 ECO Kit: o Proxy behavior is unpredictable. Sometimes they are inoperative and at other times access is given to an incorrect place. o Users without WORLD privilege generate many "No WORLD priv" audits when logging in. o Records in the old intrusion database cannot be deleted because they are ill-formed (i.e., they contain control characters, nulls, spaces, etc.). o Some logins are not correctly audited. Problems Addressed in the VAXLOGI02_070 ECO kit: o Audit information about network sessions from TCP/IP connections does not contain remote host information. o An expired password may become useable again even if the DISFORCE_PWD_CHANGE flag is set and the password is not changed. Problems Addressed in the VAXLOGI01_070 ECO kit: o Problem with LGI callouts. o Intrusion records and audits from DECnet/OSI network connections have a username padded with characters. o If a user who types meaningless characters, whitespace or the "/" in response to the USERNAME prompt receives a CLI error and then successfully logs in, the user will have an intrusion record and an incorrect audit will be generated. o Five seconds after a password is entered, the login attempt is rejected. This problem is corrected in OpenVMS VAX V7.0. o A login attempt will be rejected after it hangs for 30 seconds. This problem is corrected in OpenVMS VAX V7.0. Problems Addressed in the VAXLOGI01_062 ECO kit: o When the item code SJC$_LOG_SPECIFICATION is used with SYS$SNDJBCW, OpenVMS VAX V6.2 does not handle logical names the same way that it did in earlier versions. For example, using "TEST" as the log file specification, the DCL 'DEFINE/SYSTEM TEST DEV1:[USER.TMP]' command gives the following results from $SNDJBC when it is executed from the DEV1:[USER]: directory: For OpenVMS V6.1 DEV1:[USER.TMP]jobname.LOG For OpenVMS V6.2: DEV1:[USER.TMP].LOG INSTALLATION NOTES: The system does not need to be rebooted after this kit is installed. However, if you have other nodes in your OpenVMS VMScluster, they should be rebooted or you should install this kit on each system in order to make use of the new image(s).

This patch can be found at any of these sites:

Files on this server are as follows:

vaxload03_062.README
vaxload03_062.CHKSUM
vaxload03_062.CVRLET_TXT
vaxload03_062.a-dcx_vaxexe