ECO NUMBER: VAXDWMOTMUP01_073
PRODUCT: OpenVMS VAX OPERATING SYSTEM V7.3
UPDATE PRODUCT: OpenVMS VAX OPERATING SYSTEM V7.3
COVER LETTER
1 KIT NAME:
VAXDWMOTMUP01_073
2 KITS SUPERSEDED BY THIS KIT:
None.
3 KIT DEPENDENCIES:
3.1 The following remedial kit(s), or later, must be installed
BEFORE installation of this, or any required kit:
None.
3.2 In order to receive all the corrections listed in this kit,
the following remedial kits, or later, should also be
installed:
None.
4 KIT DESCRIPTION:
4.1 Version(s) of OpenVMS to which this kit may be applied:
OpenVMS VAX V7.3
4.2 Files patched or replaced:
o [SYSLIB]DECW$TRANSPORT_COMMON.EXE (new image)
o [SYSLIB]DECW$TRANSPORT_DECNET.EXE (new image)
o [SYSLIB]DECW$TRANSPORT_LOCAL.EXE (new image)
o [SYSLIB]DECW$TRANSPORT_TCPIP.EXE (new image)
5 PROBLEMS ADDRESSED IN VAXDWMOTMUP01_073 KIT
o Compaq has determined that systems running OpenVMS Alpha,
OpenVMS VAX, SEVMS VAX or SEVMS Alpha with the DECwindows
MotifServer installed have a potential security vulnerability
that could be exploited to allow existing users unauthorized
access to data and system resources. To protect against this
�
-- COVER LETTER -- Page 2
2 October 2001
potential security risk, Compaq is making available a mandatory
update patch for OpenVMS customers.
Installation of the DECwindows Motif Server is optional during
the installation of the OpenVMS Operating System. You can
verify whether or not the DECwindows Motif Server has been
installed on your system using the following command:
$ DIRECTORY SYS$LIBRARY:DECW$*.EXE
If no DECW$*.EXE files are present on your system, the
DECwindows Motif Server is not installed on your system and you
do NOT need to apply this mandatory update.
Apply this mandatory update if the DECwindow Motif Server is
installed on your system and you are running one of the
following versions of OpenVMS or SEVMS:
o OpenVMS Alpha Version 6.2 and all associated hardware
releases (for example, Version 6.2-1H1)
o OpenVMS Alpha Version 7.1-2
o OpenVMS Alpha Version 7.2-1
o OpenVMS Alpha Version 7.2-1H1
o OpenVMS Alpha Version 7.2-2
o OpenVMS Alpha Version 7.3
o OpenVMS VAX Version 6.2
o OpenVMS VAX Version 7.1
o OpenVMS VAX Version 7.2
o OpenVMS VAX Version 7.3
o SEVMS Alpha Version 6.2
o SEVMS VAX Version 6.2
NOTE
----
OpenVMS VAX V5.5-2 is not subject to this potential security
vulnerability.
After completing the update, Compaq strongly recommends that
you perform an immediate backup of your system disk so that any
subsequent restore operations begin with updated software.
Otherwise, you must reapply the update after a future restore
operation. Also, if at some future time you upgrade your
system to one of the versions of OpenVMS or SEVMS listed you
�
-- COVER LETTER -- Page 3
2 October 2001
must reapply the update.
Images Affected:
- [SYSLIB]DECW$TRANSPORT_COMMON.EXE
- [SYSLIB]DECW$TRANSPORT_DECNET.EXE
- [SYSLIB]DECW$TRANSPORT_LOCAL.EXE
- [SYSLIB]DECW$TRANSPORT_TCPIP.EXE
6 KIT INSTALLATION RATING:
The following kit installation rating, based upon current CLD
information, is provided to serve as a guide to which customers
should apply this remedial kit. (Reference attached Disclaimer of
Warranty and Limitation of Liability Statement)
INSTALLATION RATING:
INSTALL_1 : To be installed by all customers.
7 INSTALLATION INSTRUCTIONS:
Install this kit with the VMSINSTAL utility by logging into the
SYSTEM account, and typing the following at the DCL prompt:
@SYS$UPDATE:VMSINSTAL VAXDWMOTMUP01_073 [location of the saveset]
The kit location may be a tape drive, CD, or a disk directory that
contains the kit.
Note that the kit installation will ask if you wish to delete the
old files rather than archive them. Due to the nature of the
problem that this kit corrects, Compaq recommends that the old
files be deleted and not left on the system.
This kit requires a system reboot. Compaq strongly recommends that
a reboot is performed immediately after kit installation to avoid
system instability.
If you have other nodes in your OpenVMS cluster, they must also be
rebooted in order to make use of the new image(s). If it is not
possible or convenient to reboot the entire cluster at this time, a
rolling re-boot may be performed. However, due to the nature of
the problem that this kit corrects, Compaq strongly recommends a
rolling re-boot be performed immediately on each cluster node.
�
-- COVER LETTER -- Page 4
2 October 2001
Copyright (c) Compaq Computer Corporation, 2001 All Rights
Reserved. Unpublished rights reserved under the copyright laws of
the United States. COMPAQ, the Compaq logo, VAX, Alpha, VMS, and
OpenVMS are registered in the U.S. Patent and Trademark Office.
All other product names mentioned herein may be trademarks of their
respective companies.
Confidential computer software. Valid license from Compaq required
for possession, use, or copying. Consistent with FAR 12.211 and
12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed
to the U.S. Government under vendor's standard commercial license.
Compaq shall not be liable for technical or editorial errors or
omissions contained herein. The information in this document is
provided as is without warranty of any kind and is subject to
change without notice. The warranties for Compaq products are set
forth in the express limited warranty statements accompanying such
products. Nothing herein should be construed as constituting an
additional warranty.
DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY
THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL
EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE
EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL COMPAQ BE
LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND
REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH
MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.