===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1456
       IBM WebSphere Message Broker and IBM Integration Bus Security
    Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7
                              15 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Message Broker
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-3743 CVE-2013-2473 CVE-2013-2472
                   CVE-2013-2471 CVE-2013-2470 CVE-2013-2469
                   CVE-2013-2468 CVE-2013-2466 CVE-2013-2465
                   CVE-2013-2464 CVE-2013-2463 CVE-2013-2462
                   CVE-2013-2460 CVE-2013-2459 CVE-2013-2458
                   CVE-2013-2457 CVE-2013-2456 CVE-2013-2455
                   CVE-2013-2454 CVE-2013-2453 CVE-2013-2452
                   CVE-2013-2451 CVE-2013-2450 CVE-2013-2449
                   CVE-2013-2448 CVE-2013-2447 CVE-2013-2446
                   CVE-2013-2444 CVE-2013-2443 CVE-2013-2442
                   CVE-2013-2437 CVE-2013-2412 CVE-2013-2407
                   CVE-2013-2400 CVE-2013-1500 

Reference:         ASB-2013.0075
                   ESB-2013.1301
                   ESB-2013.1237
                   ESB-2013.1236
                   ESB-2013.1194
                   ESB-2013.1125
                   ESB-2013.1096

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21647053

--------------------------BEGIN INCLUDED TEXT--------------------

IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: 
Multiple security vulnerabilities in IBM JREs 5 & 7

Flash (Alert)

Document information

WebSphere Message Broker

Security

Software version: 6.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1647053
Modified date: 2013-10-09

Abstract

Multiple security vulnerabilities exist in the IBM Java Runtime Environment 
component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) 
and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 
7.0 SR5 (and earlier).

Content

VULNERABILITY DETAILS

CVE ID:
CVE-2013-1500, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, 
CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, 
CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, 
CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, 
CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2462, CVE-2013-2463, 
CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, 
CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743

DESCRIPTION:
There are multiple security vulnerabilities in the IBM Java Runtime 
Environment component of IBM WebSphere Message Broker. All are applicable to 
both IBM JRE 5.0 and IBM JRE 7.0 except where indicated.

CVE-2013-1500 (CVSS3.2)
CVE-2013-2400 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2407 (CVSS6.4) - IBM JRE 7.0 Only
CVE-2013-2412 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2437 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2442 (CVSS7.5) - IBM JRE 7.0 Only
CVE-2013-2443 (CVSS5)
CVE-2013-2444 (CVSS5)
CVE-2013-2446 (CVSS5)
CVE-2013-2447 (CVSS5)
CVE-2013-2448 (CVSS7.6)
CVE-2013-2449 (CVSS4.3) - IBM JRE 7.0 Only
CVE-2013-2450 (CVSS5)
CVE-2013-2451 (CVSS3.7) - IBM JRE 7.0 Only
CVE-2013-2452 (CVSS5)
CVE-2013-2453 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2454 (CVSS5.8)
CVE-2013-2455 (CVSS5)
CVE-2013-2456 (CVSS5)
CVE-2013-2457 (CVSS5)
CVE-2013-2458 (CVSS5.8) - IBM JRE 7.0 Only
CVE-2013-2459 (CVSS10)
CVE-2013-2460 (CVSS9.3) - IBM JRE 7.0 Only
CVE-2013-2462 (CVSS9.3) - IBM JRE 7.0 Only
CVE-2013-2463 (CVSS10)
CVE-2013-2464 (CVSS10)
CVE-2013-2465 (CVSS10)
CVE-2013-2466 (CVSS10) - IBM JRE 7.0 Only
CVE-2013-2468 (CVSS10) - IBM JRE 7.0 Only
CVE-2013-2469 (CVSS10)
CVE-2013-2470 (CVSS10)
CVE-2013-2471 (CVSS10)
CVE-2013-2472 (CVSS10)
CVE-2013-2473 (CVSS10)
CVE-2013-3743 (CVSS9.3)

CVSS:
CVE ID: CVE-2013-1500
CVSS Base Score: 3.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85062 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2400
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85050 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2407
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85044 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-2412
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85059 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2437
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85049 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2444
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85047 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-2442
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85041 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2443
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85054 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2447
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85056 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2446
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85048 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2448
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85040 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2449
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85060 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2450
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85057 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-2451
CVSS Base Score: 3.7
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85061 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2452
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85055 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2453
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85053 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2454
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85045 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2455
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84146 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2456
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85058 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2457
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85052 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2458
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85046 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2459
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85033 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2460
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85038 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2462
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85037 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2463
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85029 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2464
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85030 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2465
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85031 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2466
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85035 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2468
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85034 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2469
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85032 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2470
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85025 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2471
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85026 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2472
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85027 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2473
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85028 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3743
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85036 
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

*The CVSS Environmental Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of 
this vulnerability in their environments by accessing the links in the 
Reference section of this Flash.
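
Added example (not part of the IBM or AusCERT text): a Python check that recomputes each CVSS v2 base score from its published vector, using the base equations of the CVSS guide listed under REFERENCES, and reports entries whose listed score differs. The function names are illustrative; the sample entries are copied from this bulletin, including the 3.2 shown for CVE-2013-1500 in the DESCRIPTION list.

```python
# CVSS v2 metric weights, as defined in the CVSS v2 guide.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
ORDER = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector):
    """Map '(AV:N/AC:L/Au:N/C:P/I:N/A:N)' to a dict of metric weights."""
    parts = vector.strip().strip("()").split("/")
    if len(parts) != len(ORDER):
        raise ValueError(f"expected 6 base metrics: {vector!r}")
    weights = {}
    for name, part in zip(ORDER, parts):
        key, sep, value = part.partition(":")
        if key != name or not sep or value not in WEIGHTS[name]:
            raise ValueError(f"bad metric {part!r} in {vector!r}")
        weights[name] = WEIGHTS[name][value]
    return weights


def base_score(vector):
    """CVSS v2 base score, rounded to one decimal place."""
    w = parse_vector(vector)
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def mismatches(entries):
    """Return (cve, listed, computed) for entries whose listed score differs."""
    found = []
    for cve, listed, vector in entries:
        computed = base_score(vector)
        if abs(computed - listed) > 1e-9:
            found.append((cve, listed, computed))
    return found


# Entries copied from the CVSS section of this bulletin (subset).
CVSS_SECTION = [
    ("CVE-2013-1500", 3.6, "(AV:L/AC:L/Au:N/C:P/I:P/A:N)"),
    ("CVE-2013-2407", 6.4, "(AV:N/AC:L/Au:N/C:P/I:N/A:P)"),
    ("CVE-2013-2448", 7.6, "(AV:N/AC:H/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-2451", 3.7, "(AV:L/AC:H/Au:N/C:P/I:P/A:P)"),
    ("CVE-2013-2459", 10.0, "(AV:N/AC:L/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-3743", 9.3, "(AV:N/AC:M/Au:N/C:C/I:C/A:C)"),
]
# Score shown for CVE-2013-1500 in the DESCRIPTION list, with the same vector.
DESCRIPTION_LIST = [("CVE-2013-1500", 3.2, "(AV:L/AC:L/Au:N/C:P/I:P/A:N)")]

if __name__ == "__main__":
    print("CVSS section:", mismatches(CVSS_SECTION))
    print("DESCRIPTION list:", mismatches(DESCRIPTION_LIST))
```

The same check can be run over every entry of an advisory before its scores are loaded into a patch-prioritisation queue.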

AFFECTED PLATFORMS:
IBM WebSphere Message Broker V6.1 & IBM Integration Bus V9.0 are affected on 
all platforms except IBM z/OS.

REMEDIATION:
None known

FIX
For IBM WebSphere Message Broker V6.1 an interim fix for APAR IC94158 is 
available from IBM Fix Central:

http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IC94158

APAR IC94158 is targeted for availability in IBM WebSphere Message Broker 
V6.1.0.12

Note: The fix on the Solaris platform is yet available for IBM WebSphere 
Message Broker V6.1


For IBM Integration Bus V9.0 an interim fix for APAR IC94187 is available from 
IBM Fix Central:

http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IC94187

APAR IC94187 is targeted for availability in IBM Integration Bus V9.0.0.1


Mitigation
None known

REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)

CVE-2013-1500

    http://xforce.iss.net/xforce/xfdb/85062
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1500

CVE-2013-2400

    http://xforce.iss.net/xforce/xfdb/85050
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2400 


CVE-2013-2407

    http://xforce.iss.net/xforce/xfdb/85044
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2407 


CVE-2013-2412

    http://xforce.iss.net/xforce/xfdb/85059
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2412 


CVE-2013-2437

    http://xforce.iss.net/xforce/xfdb/85049
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2437 


CVE-2013-2444

    http://xforce.iss.net/xforce/xfdb/85047
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2444 


CVE-2013-2442

    http://xforce.iss.net/xforce/xfdb/85041
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2442 


CVE-2013-2443

    http://xforce.iss.net/xforce/xfdb/85054
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2443 


CVE-2013-2447

    http://xforce.iss.net/xforce/xfdb/85056
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2447

CVE-2013-2446

    http://xforce.iss.net/xforce/xfdb/85048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2446 


CVE-2013-2448

    http://xforce.iss.net/xforce/xfdb/85040
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2448 


CVE-2013-2449

    http://xforce.iss.net/xforce/xfdb/85060
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2449 


CVE-2013-2450

    http://xforce.iss.net/xforce/xfdb/85057
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2450

CVE-2013-2451

    http://xforce.iss.net/xforce/xfdb/85061
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2451 


CVE-2013-2452

    http://xforce.iss.net/xforce/xfdb/85055
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2452 


CVE-2013-2453

    http://xforce.iss.net/xforce/xfdb/85053
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2453 


CVE-2013-2454

    http://xforce.iss.net/xforce/xfdb/85045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2454 


CVE-2013-2455

    http://xforce.iss.net/xforce/xfdb/84146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2455 


CVE-2013-2456

    http://xforce.iss.net/xforce/xfdb/85058
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2456 


CVE-2013-2457

    http://xforce.iss.net/xforce/xfdb/85052
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2457 


CVE-2013-2458

    http://xforce.iss.net/xforce/xfdb/85046
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2458 


CVE-2013-2459

    http://xforce.iss.net/xforce/xfdb/85033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2459 


CVE-2013-2460

    http://xforce.iss.net/xforce/xfdb/85038
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2460 


CVE-2013-2462

    http://xforce.iss.net/xforce/xfdb/85037
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2462 


CVE-2013-2463

    http://xforce.iss.net/xforce/xfdb/85029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2463 


CVE-2013-2464

    http://xforce.iss.net/xforce/xfdb/85030
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2464 


CVE-2013-2465

    http://xforce.iss.net/xforce/xfdb/85031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2465 


CVE-2013-2466

    http://xforce.iss.net/xforce/xfdb/85035
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2466 


CVE-2013-2468

    http://xforce.iss.net/xforce/xfdb/85034
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2468 


CVE-2013-2469

    http://xforce.iss.net/xforce/xfdb/85032
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2469 


CVE-2013-2470

    http://xforce.iss.net/xforce/xfdb/85025
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2470 


CVE-2013-2471

    http://xforce.iss.net/xforce/xfdb/85026
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2471 


CVE-2013-2472

    http://xforce.iss.net/xforce/xfdb/85027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2472 


CVE-2013-2473

    http://xforce.iss.net/xforce/xfdb/85028
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2473 


CVE-2013-3743

    http://xforce.iss.net/xforce/xfdb/85036
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3743 


CHANGE HISTORY:
<09 - Oct - 2013>: Original Copy Published


Note: According to the Forum of Incident Response and Security Teams (FIRST), 
the Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY 
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 


Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product and 
service names might be trademarks of IBM or other companies. A current list of 
IBM trademarks is available on the Web at "Copyright and trademark 
information" at www.ibm.com/legal/copytrade.shtml.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================