Last Update: 2-Dec-2002
Operating System: OpenVMS
Component: PMDF MAIL User Agent
Base Level Required: PMDF V6.2
Other Requirements: none
Platform Subdirectory File(s) to download
-------- ------------ --------------------
OpenVMS VAX [.VMS.VAX_EXE] UA.EXE
OpenVMS ALPHA [.VMS.ALPHA_EXE] UA.EXE
Solaris Sparc solaris-sparc/bin/ n/a
Solaris Intel solaris-x86/bin/ n/a
Tru64 osf/bin/ n/a
Windows NT x86 nt/bin/ n/a
Windows 2000 x86 w2k/bin/ n/a
GENERAL INFO
-------------
Patches may be obtained from the anonymous FTP account on
ftp.pmdf.process.com. Use FTP to connect to the host ftp.pmdf.process.com
and login as the user anonymous. Use your e-mail address as the login
password.
Move to the pmdf_62_patches subdirectory:
ftp> cd pmdf_62_patches
Patches will be located in platform-specific sub-trees, as follows:
Platform Subdirectory
-------- ------------
OpenVMS vms
Solaris/SPARC solaris-sparc
Solaris/x86 solaris-x86
Tru64 osf
Windows NT nt
Windows 2000 w2k
When FTPing these images, be sure to FTP them as binary images. Before
retrieving such an image with the GET command, be sure to put your FTP
into binary mode with a command such as TYPE IMAGE or TYPE BINARY.
Change history
---------------
2-Dec-2002
A potential security vulnerability has been discovered in PMDF MAIL that
could allow a malicious user to execute arbitrary DCL commands with elevated
system privileges. Process Software is not aware of any cases in which this
vulnerability has been exploited. However, we strongly recommend installing
this patch to eliminate the vulnerability.
Installation
------------
OpenVMS [VAX] [ALPHA]
UA.EXE needs to be copied to the PMDF_EXE: directory and then installed
with the command:
$ INSTALL REPLACE PMDF_EXE:UA.EXE
on all members of the OpenVMS cluster running out of the affected PMDF
directory tree.
UNIX [Solaris] [Digital UNIX]
n/a
NT
n/a