COMMAND

    ANALYZE/PROCESS_DUMP

SYSTEMS AFFECTED

    VMS ?.?

PROBLEM

    Non-privileged  users  can  acquire  system privileges through the
    ANALYZE/PROCESS_DUMP routine.

SOLUTION

    Digital  is  currently  working  on  a  permanent solution to this
    problem.   While  a  permanent  fix  is  being  completed, Digital
    recommends  that  the  following  actions  be  taken  on every VMS
    system (this includes all nodes in a VAXcluster system).

    After  taking  the  following  actions,  non-privileged users will
    not be able to use the ANALYZE/PROCESS_DUMP command.

    1.  Log into the system account.

    2.  $ SET PROC/PRIV=ALL

    3.  a)  For VMS versions prior to V5.0,

	    Modify SYS$MANAGER:SYSTARTUP.COM to include the following lines:

		     $ SET NOON
		     $ MCR INSTALL ANALIMDMP.EXE/DELETE

	    as the first two commands in this file.

	b)  For VMS versions V5.0 and later,

	    Modify SYS$MANAGER:SYSTARTUP_V5.COM to include the following
	    lines:

		     $ SET NOON
		     $ MCR INSTALL ANALIMDMP.EXE/DELETE

	    as the first two commands in this file.

	c)  For MicroVMS systems,

	    The image ANALIMDMP.EXE is  not installed by default,  but
	    SYSTARTUP.COM  contains  a  suggestion  for installing the
	    image if  you have  multiple users  on your  system.   You
	    must  ensure  that   this  image  is   not  installed   by
	    SYSTARTUP.COM.   You  can   use  the  following command to
	    verify that the image is not  installed:

		      $ MCR INSTALL ANALIMDMP/LIST

    4.  $ MCR INSTALL ANALIMDMP/DELETE

	This command removes the installed image from the active system.

    5.  (Optional) Restart your systems and verify that the image is not
	installed using the following command:

		      $ MCR INSTALL ANALIMDMP/LIST

	 You should receive a message similar to the following:

	    %INSTALL-W-FAIL, failed to LIST entry for ANALIMDMP.EXE
	    -INSTALL-E-NOKFEFND, Known File Entry not found