Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!lll-crg!nike!ucbcad!ucbvax!ORNL-MSR.ARPA!jcm From: jcm@ORNL-MSR.ARPA (James A. Mullens) Newsgroups: mod.computers.vax Subject: Re: DECnet terminals -> VMS and EDT crashes? Message-ID: <8610311719.AA20764@ORNL-MSR.ARPA> Date: Fri, 31-Oct-86 12:19:05 EST Article-I.D.: ORNL-MSR.8610311719.AA20764 Posted: Fri Oct 31 12:19:05 1986 Date-Received: Mon, 3-Nov-86 20:54:23 EST Sender: daemon@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 28 Approved: info-vax@sri-kl.arpa I recently reported a problem with DECnet, in which a nonpriveleged user could crash a VMS 4.2 system. This could be done over an Ethernet link from an IBM AT running a DECnet work-alike product called CommUnity. The problem has now been fixed by the CommUnity people. I think their explanation of the problem confirms some rumors about the vulnerability of VMS -- at least VMS 4.2. They says that their software was mistakenly sending the wrong length for a DECnet packet. They actually claimed that "the packet length field was set to a negative number". This was, of course, a violation of the protocal. Still, it is amazing that VMS accepted the length specification and acted on it, committing "computer-cide" in the process. Our local DEC sales rep mentioned that the early DECnet DOS releases caused similar problems. I can believe this. It seems that a trivial programming mistake on the sender's side can cause an crash at the receiving end! It is encouraging that our VMS 4.4 system did not crash under identical circumstances, but terminated the EDT job running with an access protection violation. This may mean that DEC has already fixed this sort of problem with the current releases of VMS. On the other hand, the 4.4 system may have been saved by trivial differences between the two systems. As a final note, I have been using CommUnity since I received the fix and I have not found any more problems with the product. jim mullens / oak ridge national lab / jcm@ornl-msr.arpa