PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
{ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER
{IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS
SUBJECT:  SECURITY VULNERABILITY IN VMS MONITOR UTILITY {AUTOMATED
SYSTEM SECURITY INCIDENT SUPPORT TEAM {ASSIST} BULLETIN 92-66}.
1.  THIS IS AN ADDENDUM TO ASSIST BULLETIN 92-63 (DTG 100658Z SEP 92)
THAT DESCRIBED A SECURITY VULNERABILITY IN THE VMS MONITOR UTILITY
AND PROVIDED SUGGESTED WORKAROUNDS TO REMOVE THE VULNERABILITY.  A
VMS V5.3 THROUGH V5.4-2 PATCH IS NOW AVAILABLE THROUGH YOUR REGULAR
DIGITAL SERVICES CUSTOMER SUPPORT ORGANIZATION.  THIS PROBLEM HAS
BEEN CORRECTED IN VAX VMS V5.4-3 RELEASED IN OCTOBER 1991.
2.  THE PATCH CONTAINS A NEW SYS$SHARE:SPISHR.EXE FOR VMS V5.3-*
THROUGH VMS V5.4-2 AND MAY BE IDENTIFIED AS MONTOR$S01_053 AND
MONTOR$S01_054 RESPECTIVELY WHEN CONTACTING YOUR DIGITAL SERVICES
ORGANIZATION.  IN THE U.S.THE PATCH IS ALSO IDENTIFIED AS CSCPAT_1047
VIA DSIN AND DSNLINK.  ASSIST STRONGLY RECOMMENDS THAT YOU UPDATE TO
THE LATEST RELEASE OF VMS V5.5-1, OR INSTALL THE APPROPRIATE PATCH
DETAILED IN THIS MESSAGE AS SOON AS POSSIBLE IF AN UPDATE TO VMS
V5.5-1 CANNOT BE ACCOMPLISHED IN AN EXPEDTIOUS MANNER.
3.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
MIKE HIGGINS, COMM {703} 696-1904 OR DSN 226-1904.  ASSIST CAN BE
REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE {800-759-
7243}, PIN NUMBER 2133937.  WHEN CALLING THE PAGER SERVICE, FOLLOW
THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER
THE PROMPT.  THE ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30
MINUTES.  IF FASTER SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER
WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5
MINUTES.  ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT{AT-SIGN}DDN-
CONUS.DDN.MIL".
BT