Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.0367
Multiple vulnerabilities affect IBM Security Access Manager for Mobile
16 February 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Security Access Manager for Mobile
Publisher: IBM
Operating System: Network Appliance
VMware ESX Server
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-3405 CVE-2015-2730 CVE-2015-1819
CVE-2015-1799 CVE-2015-1798 CVE-2014-9298
CVE-2014-9297 CVE-2014-8150 CVE-2014-8121
CVE-2014-3613 CVE-2008-5161
Reference: ASB-2015.0103
ASB-2015.0070
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21976082
http://www.ibm.com/support/docview.wss?uid=swg21976290
http://www.ibm.com/support/docview.wss?uid=swg21976295
http://www.ibm.com/support/docview.wss?uid=swg21975967
http://www.ibm.com/support/docview.wss?uid=swg21976393
http://www.ibm.com/support/docview.wss?uid=swg21974736
Comment: This bulletin contains six (6) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM Security Access Manager for Mobile is affected by an
OpenSSH vulnerability (CVE-2008-5161)
Security Bulletin
Document information
More support for:
IBM Security Access Manager for Mobile
Software version:
8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3,
9.0
Operating system(s):
Platform Independent
Reference #:
1976082
Modified date:
2016-02-11
Summary
IBM Security Access Manager for Mobile has SSH Server Cipher Block Chaining
(CBC) mode ciphers enabled, which could allow an attacker to recover the
plaintext message from the ciphertext.
Vulnerability Details
CVEID:
CVE-2008-5161
DESCRIPTION:
OpenSSH and multiple SSH Tectia products could allow a remote attacker to
obtain sensitive information, caused by the improper handling of errors
within an SSH session which is encrypted with a block cipher algorithm in CBC
mode. A remote attacker with read and write access to network data could
exploit this vulnerability to display plaintext bits from a block of
ciphertext and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product name VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0 - 8.0.1.3 IV80765 1. For 8.0 - 8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 3:
8.0.1.3-ISS-ISAM-IF0003
IBM Security Access Manager 9.0 IV80762 1. Apply 9.0.0.0 interim fix 1:
9.0.0-ISS-ISAM-IF0001
Workarounds and Mitigations
None.
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Chris Shepherd, Dmitriy Beryoza
Change History
February 12, 2016: Added acknowledgement.
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---
Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security
Access Manager for Mobile (CVE-2014-8121)
Security Bulletin
Document information
More support for:
IBM Security Access Manager for Mobile
Software version:
8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3,
9.0
Operating system(s):
Platform Independent
Reference #:
1976290
Modified date:
2016-02-08
Summary
A GNU C library (glibc) vulnerability affects IBM Security Access Manager for
Mobile.
Vulnerability Details
CVEID:
CVE-2014-8121
DESCRIPTION:
GNU C Library (glibc) is vulnerable to a denial of service, caused by the
failure to properly check if a file is open by DB_LOOKUP in nss_files/files-
XXX.c in the Name Service Switch (NSS). By performing a look-up on a database
while iterating over it, an attacker could exploit this vulnerability to
cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/102652
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0 - 8.0.1.3 IV80937 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 4:
8.0.1.3-ISS-ISAM-IF0004
IBM Security Access Manager 9.0 IV80933 1. Upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 1:
9.0.0.1-ISS-ISAM-IF0001
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---
Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access
Manager for Mobile (CVE-2015-2730)
Security Bulletin
Document information
More support for:
IBM Security Access Manager for Mobile
Software version:
8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3,
9.0
Operating system(s):
Platform Independent
Reference #:
1976295
Modified date:
2016-02-08
Summary
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications.
IBM Security Access Manager for Mobile is affected by a vulnerability in the
nss-softokn package.
Vulnerability Details
CVEID:
CVE-2015-2730
DESCRIPTION:
Mozilla Firefox could allow a remote attacker to bypass security
restrictions, caused by the failure to properly handle certain exceptional
cases by the Elliptical Curve Cryptography (ECC) multiplication for Elliptic
Curve Digital Signature Algorithm (ECDSA) signature validation in Network
Security Services (NSS). By persuading a victim to visit a specially-crafted
Web site, a remote attacker could exploit this vulnerability to forge
signatures.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0 - 8.0.1.3 IV80966 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 4:
8.0.1.3-ISS-ISAM-IF0004
IBM Security Access Manager 9.0 IV80965 1. Upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 1:
9.0.0.1-ISS-ISAM-IF0001
Workarounds and Mitigations
None.
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---
Security Bulletin: IBM Security Access Manager for Mobile is affected by
multiple NTP vulnerabilities
Security Bulletin
Document information
More support for:
IBM Security Access Manager for Mobile
Software version:
8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3,
9.0
Operating system(s):
Platform Independent
Reference #:
1975967
Modified date:
2016-02-08
Summary
The Network Time Protocol (NTP) is used to synchronize a computer's time with
another referenced time source.
IBM Security Access Manager for Mobile uses NTP and is affected by multiple
NTP vulnerabilities.
Vulnerability Details
CVEID:
CVE-2014-9297
DESCRIPTION:
Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote
attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG.
An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to
bypass ACLs and launch further attacks on the system.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:
CVE-2014-9298
DESCRIPTION:
Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote
attacker to obtain sensitive information, caused by the improper validation
of the length value in extension field pointers. An attacker could exploit
this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID:
CVE-2015-1798
DESCRIPTION:
Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote
attacker to bypass security restrictions, caused by the acceptance of packets
that do not contain a message authentication code (MAC) as valid packets wen
configured for symmetric key authentication. An attacker could exploit this
vulnerability using man-in-the-middle techniques to bypass the authentication
process.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVEID:
CVE-2015-1799
DESCRIPTION:
Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a
denial of service, caused by an error when using symmetric key
authentication. By sending specially-crafted packets to both peering hosts,
an attacker could exploit this vulnerability to prevent synchronization.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVEID:
CVE-2015-3405
DESCRIPTION:
Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing
attacks, caused by the generation of MD5 symmetric keys on big-endian systems
by the ntp-keygen utility. An attacker could exploit this vulnerability using
the generated MD5 keys to spoof an NTP client or server.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104387
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0 - 8.0.1.3 IV80926 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 4:
8.0.1.3-ISS-ISAM-IF0004
IBM Security Access Manager 9.0 IV80905 1. Upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 1:
9.0.0.1-ISS-ISAM-IF0001
Workarounds and Mitigations
None.
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---
Security Bulletin: A libxml vulnerability affects IBM Security Access Manager
for Mobile (CVE-2015-1819)
Security Bulletin
Document information
More support for:
IBM Security Access Manager for Mobile
Software version:
8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3,
9.0
Operating system(s):
Platform Independent
Reference #:
1976393
Modified date:
2016-02-08
Summary
IBM Security Access Manager for Mobile is affected by a denial of service
vulnerability in libxml2.
Vulnerability Details
CVEID:
CVE-2015-1819
DESCRIPTION:
Libxml is vulnerable to a denial of service, caused by an XML External Entity
Injection (XXE) error in the xmlreader when processing XML data. A remote
attacker could exploit this vulnerability to consume all available memory
resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107272
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions
IBM Security Access Manager 9.0 appliances, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0 - 8.0.1.3 IV80972 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 4:
8.0.1.3-ISS-ISAM-IF0004
IBM Security Access Manager 9.0 IV80971 1. Upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 1:
9.0.0.1-ISS-ISAM-IF0001
Workarounds and Mitigations
None.
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- ---
Security Bulletin: Vulnerabilities in cURL and libcURL affect IBM Security
Access Manager (CVE-2014-3613, CVE-2014-8150)
Security Bulletin
Document information
More support for:
IBM Security Access Manager
Software version:
9.0, 9.0.0.1
Operating system(s):
Appliance
Reference #:
1974736
Modified date:
2016-02-10
Summary
IBM Security Access Manager is affected by vulnerabilities in cURL and
libcURL.
Vulnerability Details
CVEID:
CVE-2014-3613
DESCRIPTION:
cURL/libcURL could allow a remote attacker to bypass security restrictions,
caused by the failure to properly detect and reject domain names for IP
addresses. An attacker could exploit this vulnerability to send cookies to an
incorrect site.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:
CVE-2014-8150
DESCRIPTION:
libcURL is vulnerable to CRLF injection, caused by the improper handling of
URLs with embedded end-of-line characters. By persuading a victim to click on
a specially-crafted URL link using an HTTP proxy, a remote attacker could
exploit this vulnerability to conduct various attacks against the vulnerable
system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Products and Versions
IBM Security Access Manager 9.0 appliances, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow
the installation instructions in the README file included with the patch.
Product VRMF APAR Remediation
IBM Security Access Manager 9.0 - 9.0.0.1 IV80969 1. For 9.0 environments, upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 1:
9.0.0.1-ISS-ISAM-IF0001
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
February 1, 2016: Original version published.
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVsJVpn6ZAP0PgtI9AQJEZQ//e02G/wue0JLi0MhHZnrh0zryHDakFa6d
jrnwaTdHJQxo6ZdanX4eYxgIP6ZAJBUXx7COWHkAk9JUuMh5lzU0atO+yzER9S8q
l9nfXvte/PZsHXHzJSqHFucbyS4/+M425Mlb9qVoZCswZ3xQB/xV7RLH7rDP1OQT
WR+qTrTOzZ6mVE9ggp4+Z3tWGXL0A7LJCLRVyn10aZ5JJxG2TQQvYheKBp0KB9iH
G2Z5MvqHET5ev43WbuagvcydVDipbaLUe1J56QO4T6pLH7DcAlQyDTDWgWEE0jCH
UQM3/PUzlvr77VTtrSFEg5A7px/HQ/1Jp9EKvTqh+pVxjDhMRmSZ/L+qCtpwmgFz
2dZGix9Wy6DYhceQg8ivmCnFcceG+DFO3MF+vx+90+gua6FF5x8LGqjpaPcAFWkR
8gOerWP6ByBWw6Bvc+brRd/P6t7CJnPPXAKqjIyzbL0FcIKUEKPyBW673VGPpNgM
lPqywHTYbIWPcRpEe3MzHX93LafP6nLnRe7RbQci+krQoJ0ROurA89uNDWVJqGSd
SgNjPke2U8GpiRTHViELQ3jll9D68CCpRyAQOf1QgxW18763dyJlHsmoovhHfp0i
ANo5InVUylDKwf4oSFAkihw+AZ+5wKW6aXg0ua1TUbj7j266U1Rru76FeSiYgn42
fCn7ToekE30=
=Z2MN
-----END PGP SIGNATURE-----