VMS 4.0-5.3 Privilege Escalation

MEDIUM (4.6) Patch Available

Threat Intelligence

Low Risk
EPSS Score: 0.21% chance of exploitation (percentile: 43%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

VMS 4.0 through 5.3 is a proprietary operating system used by the US Department of Energy (DOE). This vulnerability allows local users to gain privileges via the ANALYZE/PROCESS_DUMP DCL command, which can lead to unauthorized access and potential data breaches.

Am I affected?

You're affected if you use VMS 4.0 through 5.3. If you don't recognize the name "VMS" or its proprietary nature, you're probably not affected. Check with your system administrator or IT department if your organization uses VMS products.

Version info: Not specified in the advisory.

Affected Products

US Department of Energy / VMS

How to fix

Contact the DOE directly for a patched version - there's no public patch link in the advisory.

Immediate mitigations:
- Restrict access to sensitive commands (e.g., ANALYZE/PROCESS_DUMP)
- Monitor system logs for suspicious activity