$TXT Created by at KRNDEV.FO-OAKLAND.DOMAIN.EXT (KIDS) on Wednesday, 10/16/24 at 15:25
=============================================================================
Run Date: MAR 13, 2025                     Designation: XU*8*800
Package : XU - KERNEL                         Priority: Mandatory
Version : 8        SEQ #646                     Status: Released
                   Compliance Date: APR 13, 2025
=============================================================================

Associated patches: (v)XU*8*499    <<= must be installed BEFORE
                                       `XU*8*800'

Subject: FIX PROGRAMMER MODE ACCESS VULNERABILITY

Category:
  - Routine

Description:
============

 Kernel Patch XU*8.0*800 eliminates the vulnerability where a user could
 create an option in the OPTION (#19) file, which circumvented Menu
 Management security controls and dropped them into Programmer Mode.
 This patch restricts access to Programmer Mode to only those users
 holding the XUPROGMODE security key.

 Patch Components:
 -----------------

 Files & Fields Associated:

 File Name (Number)         Field Name (Number)     New/Modified/Deleted
 ------------------         -------------------     --------------------
 N/A

 Forms Associated:

 Form Name                  File #                  New/Modified/Deleted
 ---------                  ------                  --------------------
 N/A

 Mail Groups Associated:

 Mail Group Name            New/Modified/Deleted
 ---------------            --------------------
 N/A

 Options Associated:

 Option Name                Type                    New/Modified/Deleted
 -----------                ----                    --------------------
 N/A

 Protocols Associated:

 Protocol Name              New/Modified/Deleted
 -------------              --------------------
 N/A

 Security Keys Associated:

 Security Key Name
 -----------------
 N/A

 Templates Associated:

 Template Name      Type    File Name (Number)      New/Modified/Deleted
 -------------      ----    ------------------      --------------------
 N/A

 Remote Procedures Associated:

 Remote Procedure Name      New/Modified/Deleted
 ---------------------      --------------------
 N/A

 Parameter Definitions Associated:

 Parameter Name             New/Modified/Deleted
 --------------             --------------------
 N/A

 Additional Information:
 N/A

 New Service Requests (NSRs):
 ----------------------------
 N/A

 Patient Safety Issues (PSIs):
 -----------------------------
 N/A

 Defect Tracking System Ticket(s) & Overview:
 --------------------------------------------
 INC30847158  Need to patch ASAP %ZOSV

 Problem:
 --------
 By chance it was discovered that a VA employee (former IT Specialist)
 created an option in the OPTION (#19) file, which circumvented Menu
 Management security controls and dropped them into Programmer Mode.
 The option type was a run routine and called by the PRGMODE^%ZOSV
 routine.

 Resolution:
 -----------
 Kernel Patch XU*8.0*800 modifies the PRGMODE^ZOSVONT routine to
 restrict access to Programmer Mode to only those users holding the
 XUPROGMODE security key.

 Test Sites:                Change Order #:
 ---------------------------------------
 Dublin                     CHG0569404
 Central Texas              CHG0571136
 Togus                      CHG0572596

 Software and Documentation Retrieval Instructions:
 --------------------------------------------------
 The software for this patch is being released as a PackMan message.
 There's no updated Documentation being released with this patch.

 Patch Installation:
 -------------------

 Pre/Post Installation Overview:
 -------------------------------
 There are no Pre/Post installation routine processes.

 Pre-Installation Instructions:
 ------------------------------
 This patch may be installed with users on the system although it is
 recommended that it be installed during non-peak hours to minimize
 potential disruption to users. This patch should take less than 5
 minutes to install.

 Installation Instructions:
 --------------------------
 1. Choose the PackMan message containing this build. Then select the
    INSTALL/CHECK MESSAGE PackMan option to load the build.

 2. From the Kernel Installation and Distribution System Menu, select
    the Installation Menu. From this menu,

    A. Select the Verify Checksums in Transport Global option to
       confirm the integrity of the routines that are in the transport
       global.
       When prompted for the INSTALL NAME enter XU*8*800

       NOTE: Using will not bring up a Multi-Package build even if it
       was loaded immediately before this step. It will only bring up
       the last patch in the build.

    B. Select the Backup a Transport Global option to create a backup
       message. You must use this option and specify what to backup;
       the entire Build or just Routines. The backup message can be
       used to restore the routines and components of the build to the
       pre-patch condition.

       i.   At the Installation option menu, select Backup a Transport
            Global
       ii.  At the Select INSTALL NAME prompt, enter your build
            XU*8.0*800
       iii. When prompted for the following, enter "R" for Routines or
            "B" for Build.

              Select one of the following:

                   B         Build
                   R         Routines

              Enter response: Build

       iv.  When prompted "Do you wish to secure your build? NO//",
            press and take the default response of "NO".
       v.   When prompted with, "Send mail to: Last name, First Name",
            press to take default recipient. Add any additional
            recipients.
       vi.  When prompted with "Select basket to send to: IN//", press
            and take the default IN mailbox or select a different
            mailbox.

    C. You may also elect to use the following options:

       i.   Print Transport Global - This option will allow you to view
            the components of the KIDS build.
       ii.  Compare Transport Global to Current System - This option
            will allow you to view all changes that will be made when
            this patch is installed. It compares all of the components
            of this patch, such as routines, DDs, templates, etc.

    D. Select the Install Package(s) option and choose the patch to
       install.

       i.   When prompted 'Want KIDS to INHIBIT LOGONs during the
            install? NO//', answer .
       ii.  When prompted 'Want to DISABLE Scheduled Options, Menu
            Options, and Protocols? NO//', answer

    *************************************************************
    *************************************************************
    *                                                           *
    * NOTE: RELOAD^ZTMGRSET will automatically run as part of   *
    *       the post-install routine POST^XU8P800.              *
    *                                                           *
    *************************************************************
    *************************************************************

    Running Post-Install Routine: POST^XU8P800

    ZTMGRSET Version 8.0 Patch level **34,36,69,94,121,127,
    136,191,275,355,446,584**
    HELLO! I exist to assist you in correctly initializing the current
    account.
    This is namespace or uci KRNTST1,KRNTST1.

    **********************************************************
    * NOTE: must type YES when prompted 'Should I continue?' *
    **********************************************************

    When prompted 'Should I continue? N//' YES
                                           ===

    I think you are using OpenM-NT

    **********************************************************
    * NOTE: must type 3 when prompted 'Which MUMPS system    *
    *       should I install?'                               *
    **********************************************************

    When prompted 'Which MUMPS system should I install?'

    1 = VAX DSM(V6), VAX DSM(V7)
    2 = MSM-PC/PLUS, MSM for NT or UNIX
    3 = Cache (VMS, NT, Linux), OpenM-NT
    4 =
    5 =
    6 =
    7 = GT.M (VMS)
    8 = GT.M (Unix)
    System: 3// 3 (accept default for Cache (VMS,NT, Linux), OpenM-NT)

    ************************************************************
    * NOTE: Must type 800 when prompted 'Patch number to load',*
    *       otherwise post installation script will not update *
    *       the %ZOSV routine file. ONLY utilize numeric keys  *
    *       above the alphabet keys on a keyboard while making *
    *       this entry. If any mistake occurs reinstall the    *
    *       patch.                                             *
    ************************************************************

    When prompted 'Patch number to load:' 800
                                          ===

    ****Omitted some lines to save space***

    ALL DONE

    Updating Routine file...

    Updating KIDS files...

    XU*8.0*800 Installed.
                  Apr 29, 2024@13:48:48

    Not a production UCI

    NO Install Message sent
    -----------------------------------------------------------------
              +---------------------------------------------------+
      100%    |             25             50             75      |
    Complete  +---------------------------------------------------+

    Install Completed

 Post-Installation Instructions
 ------------------------------
 After installing, sites should use CHECK1^XTSUMBLD to verify checksums
 of Routines %ZOSV and ZOSVONT. Both checksums must be identical.

 Back-Out/Roll Back Plan:
 ------------------------
 a. Use MailMan [XMUSER] menu to locate the PackMan message containing
    the backup build. The subject of the PackMan message begins with
    "Backup of XU*8.0*800". Use the PackMan message action XTRACT KIDS.

 b. Use the PackMan INSTALL/CHECK MESSAGE option to load the backup
    KIDS distribution.

 c. Use KIDS [XPD MAIN] menu to install the backup KIDS distribution
    using the Install Package(s) [XPD INSTALL BUILD] option.

 d. Re-install the %ZOSV routine to the previous version by performing
    the following steps:

    TEST>D BACKOUT^XU8P800

    BACKOUT: XU*8.0*800- PROGRAMMER MODE ACCESS ...
    ZOSVONT Loaded, Saved as %ZOSV:
    BACKOUT COMPLETE

    ALL DONE
    TEST>

 e. After back-out, sites should use CHECK1^XTSUMBLD to verify checksums
    of Routines %ZOSV and ZOSVONT. Both checksums must be identical.

Routine Information:
====================
The second line of each of these routines now looks like:
 ;;8.0;KERNEL;**[Patch List]**;Apr 23, 2024;Build 9

The checksums below are new checksums, and
 can be checked with CHECK1^XTSUMBLD.

Routine Name: XU8P800
    Before:       n/a   After:   B471734  **800**
Routine Name: ZOSVONT
    Before: B22340698   After: B24010589  **34,94,107,118,136,215,293,
                                           284,385,425,440,499,800**

=============================================================================
User Information:
Entered By  :                               Date Entered  : JAN 24, 2024
Completed By:                               Date Completed: MAR 12, 2025
Released By :                               Date Released : MAR 13, 2025
=============================================================================

Packman Mail Message:
=====================

$END TXT