Some variants of IBM 370 may allow a malicious user to gain full administrative priveleges via the "VM Guest" account and the DIAGNOSE function. The flaw occurs due to no authentication checks applied to the account or DIAGNOSE function which is considered 'priveleged'. With this command, the local user can perform untraced and undetected I/O on the system, allowing a wide range of commands and access.
Multics on GE-645 contain a flaw that may allow a local attacker to gain access to arbitrary files. The issue is due to the XRAY facility interface's supervisor entry accessing arguments incorrectly. With a crafted request, it was able to patch any location and read arbitrary privileged files.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.