Date: 07 March 1997
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-97.031 -- Digital Advisory SSRT0450U
7 March 1997
===========================================================================
Digital Equipment Corporation has released the following advisory
concerning a problem with OpenVMS. OpenVMS has a documented delta-time
limit that may cause a serious error in some applications and OpenVMS
components beginning on or around 19-MAY-1997.
The following security bulletin is provided as a service to AUSCERT's
members. As AUSCERT did not write this document, AUSCERT has had no
control over its content. As such, the decision to use any or all of this
information is the responsibility of each user or organisation, and should
be made in accordance with site policies and procedures.
Contact information for Digital is included in the Security Bulletin below.
If you have any questions or need further information, please contact them
directly.
If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 4477
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
- --------------------------BEGIN INCLUDED TEXT--------------------
DIGITAL EQUIPMENT CORPORATION
"Digital is broadly distributing this Security Advisory
in order to bring to the attention of users of Digital's
products the important security information contained in
this Advisory. Digital recommends that all users
determine the applicability of this information to their
individual situations and take appropriate action.
Digital does not warrant that this information is
necessarily accurate or complete for all user situations
and, consequently, Digital will not be responsible for
any damages resulting from user's use or disregard of the
information provided in this Advisory."
DIGITAL EQUIPMENT CORPORATION
OpenVMS[TM] Delta-Time Limit Notification Cover Letter
AV-R4Y1A-TE
February 1997
Dear OpenVMS Customer,
The OpenVMS operating system has a documented delta-time
limit that may cause a serious error in some applications
and OpenVMS components beginning on or around 19-MAY-1997.
DIGITAL has provided ECOs (Engineering Change Orders) that
remove the delta-time limit.
Applications and OpenVMS components most likely to
experience errors are those that pass delta-time arguments
with values exceeding 9999 days on system-supplied date
routines. The most likely date that these errors will
occur is 19-MAY-1997:00:00, which is 10,000 days after the
common UNIX time origin of 1-JAN-1970.
DIGITAL strongly recommends that all customers running the
affected versions of OpenVMS install the appropriate ECO,
as follows:
For OpenVMS Alpha Version 6.1 through Version 7.0: ALPLIBR05_070
For OpenVMS VAX Version 5.5 through Version 7.0: VAXLIBR05_070
Systems running OpenVMS Alpha Version 7.1 and OpenVMS VAX
Version 7.1 are not affected and do not need to install
the ECO.
The following OpenVMS components and software products are
known to be affected by the delta-time limit. The ECOs
correct the problems observed in these products.
________________________________________________________________
Product                                OpenVMS Version
________________________________________________________________
OpenVMS SECURITY Server                OpenVMS Alpha V7.0 only
DECwindows Motif for OpenVMS           OpenVMS Alpha V7.0 only
Distributed Computing Environment      OpenVMS Alpha V6.2 only
(DCE) for OpenVMS
OpenVMS DECthreads                     OpenVMS Alpha and OpenVMS
                                       VAX V5.5 through V7.0
(OSU) DECthreads HTTP Server           OpenVMS Alpha and OpenVMS
(freeware provided with the            VAX V5.5 through V7.0
OpenVMS Internet Product Suite)
________________________________________________________________
Other software products running on OpenVMS might also
experience errors stemming from this delta-time limit.
Contact the appropriate software vendor for more
information.
Impact on Application Developers
Application developers and their customers must install
the appropriate ECO.
If an application developer uses OpenVMS shareable images,
there is no required code change and relinking is not
necessary; installing the ECO on the customer system
corrects the problem.
If an application developer does not use OpenVMS shareable
images (that is, links using STARLET) and the application
is subject to the 10,000 day restriction, no code change
is required. However, the developer must relink the
application after installing the ECO and might need to
redistribute the software. The application developer's
customers must also install the ECO on their systems.
If your application calls the following OpenVMS RTL
Library (LIB$) routines, you may encounter errors due to
the 10,000 day delta-time limit.
LIB$CVT_TO_INTERNAL_TIME       LIB$SUB_TIMES
LIB$CVT_FROM_INTERNAL_TIME     LIB$MULT_DELTA_TIME
LIB$CVTF_TO_INTERNAL_TIME      LIB$MULTF_DELTA_TIME
LIB$CVTF_FROM_INTERNAL_TIME    LIB$CONVERT_DATE_STRING
LIB$CVT_VECTIM                 LIB$ADD_TIMES
Applications that are written in DEC C and contain
portable code that calls only ANSI time functions are not
impacted.
Distribution Channels
DIGITAL is distributing the ECOs only through the
following channels. Customers should obtain the ECOs from:
o DIGITAL Electronic Service Delivery Tools (such as DSNlink,
Web Information and Support Service (WIS), and DIGITAL Dial-
In Access (DIA))
o the World Wide Web at:
http://www.service.digital.com/html/patch_main.html
o the following FTP address:
ftp://ftp.service.digital.com/public/vms/
If you need further information, please contact your
normal DIGITAL support channel.
DIGITAL appreciates your cooperation and patience. We
regret any inconvenience applying this update may cause.
©Digital Equipment Corporation. 1997. All rights reserved.
___________________
[TM] The following are trademarks of Digital Equipment Corporation:
OpenVMS, VAX, VMS, and the DIGITAL logo.
- --------------------------END INCLUDED TEXT--------------------
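The 10,000-day arithmetic in the advisory above can be checked with the following added example, which is not code from DIGITAL or AUSCERT. It models the limit as the advisory words it (delta-times "exceeding 9999 days" fail unless the ECO is installed) and generalises from the UNIX origin to any application epoch; all function names, the patched flag and the sample origins are hypothetical.

```python
from datetime import datetime, timedelta

# Assumption: the limit is modelled as the advisory states it, i.e. a
# delta-time argument exceeding 9999 days fails on a system without the ECO.
MAX_DELTA_DAYS = 9999
TICKS_PER_SECOND = 10_000_000  # OpenVMS time quadwords count 100 ns units
UNIX_ORIGIN = datetime(1970, 1, 1)
# Constructed sample: the origin named in the advisory plus a hypothetical one.
SAMPLE_ORIGINS = {"unix": UNIX_ORIGIN, "app_epoch_1980": datetime(1980, 1, 1)}


class DeltaTimeLimit(Exception):
    """Raised where the modelled, unpatched routine would reject the delta."""


def to_delta_quadword(delta, patched=False):
    """Return delta as a negative count of 100 ns ticks (binary delta form)."""
    if delta < timedelta(0):
        raise ValueError("a delta time is a duration and cannot be negative")
    if not patched and delta.days > MAX_DELTA_DAYS:
        raise DeltaTimeLimit(f"{delta.days} days exceeds {MAX_DELTA_DAYS}")
    whole_seconds = delta.days * 86_400 + delta.seconds
    return -(whole_seconds * TICKS_PER_SECOND + delta.microseconds * 10)


def first_failure(origin):
    """First instant at which (now - origin) no longer fits the limit."""
    return origin + timedelta(days=MAX_DELTA_DAYS + 1)


def audit(origins, now):
    """Map each named origin to (first failing instant, failing at `now`?)."""
    return {name: (first_failure(o), now >= first_failure(o))
            for name, o in origins.items()}


if __name__ == "__main__":
    # Evaluate the sample origins as of the bulletin date, 7 March 1997.
    report = audit(SAMPLE_ORIGINS, datetime(1997, 3, 7))
    for name, (when, failing) in report.items():
        print(f"{name}: fails from {when:%d-%b-%Y %H:%M}, failing now: {failing}")
```

Running the audit over every epoch an application uses for elapsed-time arithmetic shows which ones cross the limit first; origins later than 1970 reach it correspondingly later.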