From: Antonio Vigliotti, it.OpenVMS.org
OpenVMS supporters consider this OS the best you can find as far as security is concerned. But is this really true?
To answer this question, we have looked at the US-CERT Carnegie Mellon University database, one of the most authoritative sources for vulnerability certification. Our query was OpenVMS vulnerabilities in October 2005 and the database returned 16 (yes, sixteen) pages of instances. Surprised? Shocked, maybe? Wait before you throw your Alpha server out of the window: there is an explanation for all this.
The latest instance was related to CA-Unicenter, a third-party software product. Nothing to worry about, then.
- Potential DoS for BIND V9 service: does not affect OpenVMS.
- Execution of unauthorized PHP code on server: does not affect OpenVMS.
- DHCP buffer overflow: does not affect OpenVMS.
- Possible remote execution of code with CVS software: does not affect OpenVMS.
- FTP buffer overflow: does not affect OpenVMS.
- Warning issues related to SIP (Session Initiation Protocol) -- guess: does not affect OpenVMS.
The most relevant instance has to do with OpenSSH, the encrypted protocol created for web access. Two vulnerabilities have been noted; both allow the remote execution of unauthorized code. MultiNet, TCPware and SSH for OpenVMS are immune to those problems.
You may find the vulnerability report here: http://search.cert.org/query.html
Have some spare time to kill? Try to do the same for other popular operating systems and have fun!