Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0171 Security Advisory: Oracle Hospitality Applications 18 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle Hospitality Applications Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-10425 CVE-2017-10421 CVE-2017-10420 CVE-2017-10419 CVE-2017-10405 CVE-2017-10404 CVE-2017-10403 CVE-2017-10402 CVE-2017-10401 CVE-2017-10399 CVE-2017-10398 CVE-2017-10397 CVE-2017-10396 CVE-2017-10395 CVE-2017-10389 CVE-2017-10383 CVE-2017-10375 CVE-2017-10372 CVE-2017-10370 CVE-2017-10367 CVE-2017-10361 CVE-2017-10353 CVE-2017-10344 CVE-2017-10343 CVE-2017-10340 CVE-2017-10339 CVE-2017-10337 CVE-2017-10319 CVE-2017-10318 CVE-2017-10317 CVE-2017-10316 CVE-2017-10197 CVE-2017-10054 CVE-2017-10050 CVE-2017-10014 CVE-2017-5664 CVE-2017-5662 Member content until: Friday, November 17 2017 Reference: ASB-2017.0169 ESB-2017.2480 ESB-2017.1423 ESB-2017.1175 OVERVIEW Multiple vulnerabilities have been identified in Oracle Hospitality Cruise AffairWhere, versions 2.2.5.0, 2.2.6.0, 2.2.7.0 Oracle Hospitality Cruise Fleet Management, version 9.0.2.0 Oracle Hospitality Cruise Materials Management, version 7.30.564.0 Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.2.0 Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1 Oracle Hospitality Hotel Mobile, version 1.1 Oracle Hospitality OPERA 5 Property Services, versions 5.4.2.x through 5.5.1.x Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0 Oracle Hospitality Simphony, versions 2.6, 2.7, 2.8, 2.9 Oracle Hospitality Suite8, versions 8.10.1, 8.10.2 [1] IMPACT The vendor has provided the following information regarding to the vulnerabilities. This Critical Patch Update contains 37 new security fixes for Oracle Hospitality Applications. 13 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. [1] "CVE-2017-10402 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVE-2017-10405 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVE-2017-10396 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise AffairWhere. While the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise AffairWhere accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise AffairWhere accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise AffairWhere. CVE-2017-10404 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVE-2017-5664 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Guest Access. CVE-2017-10401 8.7 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. While the vulnerability is in Oracle Hospitality Cruise Materials Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Materials Management. CVE-2017-10372 8.7 AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. While the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Guest Access accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Guest Access. CVE-2017-10398 8.4 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management executes to compromise Oracle Hospitality Cruise Fleet Management. While the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVE-2017-10050 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVE-2017-10403 8.0 AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVE-2017-5662 7.3 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H The supported version that is affected is 11.1.2.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle API Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle API Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle API Gateway. Note: Please refer to Doc ID My Oracle Support Note 2313917.1 for instructions on how to address this issue. CVE-2017-10353 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Hotel Mobile accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Hotel Mobile. CVE-2017-10370 6.9 AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. CVE-2017-10343 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVE-2017-10344 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N Supported versions that are affected are 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data. CVE-2017-10421 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVE-2017-10316 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVE-2017-10361 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L The supported version that is affected is 8.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Shipboard Property Management System. CVE-2017-10420 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. While the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVE-2017-10397 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management accessible data. CVE-2017-10339 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVE-2017-10389 5.7 AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVE-2017-10395 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Fleet Management accessible data. CVE-2017-10367 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVE-2017-10340 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVE-2017-10425 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVE-2017-10337 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVE-2017-10383 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVE-2017-10319 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVE-2017-10054 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVE-2017-10419 5.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVE-2017-10318 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVE-2017-10375 4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVE-2017-10197 4.6 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVE-2017-10317 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVE-2017-10014 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Hotel Mobile. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Hotel Mobile accessible data. CVE-2017-10399 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L The supported version that is affected is 9.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Fleet Management." [2] MITIGATION Oracle states: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem." [1] REFERENCES [1] Oracle Critical Patch Update Advisory - October 2017 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html [2] Text Form of Oracle Critical Patch Update - October 2017 Risk Matrices http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWebRfYx+lLeg9Ub1AQg0XQ/8CzQNTpUsi1QEZUwfbi20tNOzfllQLktE uCRVgZFvyJZaVQhcFQUlYHR7Td0ylI1lFNyzgszLRpv1PbwsH/xtqPBOUf753qgB v2YNGvRQ1d4JeBzIwoe8cnEnkTRTWkz/8Eb0CVKz9SLwCT4kiBqsMMZloBv05z4u rfjVtK9PLPaDGXC65jgP/ksOXEluV22lZD1/i/69BAzv873/dT9e+7jPWyynze9X XCE9GUdA027a6vlwMSogXSdGXZioAd+EHVB5sjjucQZZfhhI/+Shou4ozf2Fubgs eMeC293HSw4uWqJFDd0+1xZtmIFGmdKuhjjtqXquVBQwUGweob2cjLcfUZyZfgGb KgDac+ejVKiF1Bolm/jCc325hUTwSNziu6wCPzpA5yS62anfDOVAKvxPqf9oDJ6z 00K3WDrI5gzDhFOIycMnUyDVe/Wt3tfm6MzMpnslGa0GpjfZnYyym9hjE3CoTm1Q rG+GkkEJDnDSjcBhRVbk8bjvBCBjMUxnRHU/sGL9g0Wm+bv6DGfgWQ1G2DoV9erK fP0W8HUnJSoDLUNHUueyZo5AHu68rp+akFJa5i9nnqqwRfN4zRBFlFKNiYPVKa5k 3yCwXMiC8YvBta+2zmeH8FixMrNh3/PPzFv4+D+u+SJPzfNKGgbZha/FJLV6fA/5 Aq3V4IfGgjM= =C45b -----END PGP SIGNATURE-----