===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2016.2311.2
    Security Bulletin: IBM Security Guardium products are affected by
                         multiple vulnerabilities
                              6 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Guardium
                   IBM Security Guardium Database Activity Monitor
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Access Privileged Data          -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-0249 CVE-2016-0247 CVE-2016-0242
                   CVE-2016-0241 CVE-2016-0240 CVE-2016-0236

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg21990368
   http://www.ibm.com/support/docview.wss?uid=swg21990219
   http://www.ibm.com/support/docview.wss?uid=swg21990363
   http://www.ibm.com/support/docview.wss?uid=swg21990229
   http://www.ibm.com/support/docview.wss?uid=swg21990372
   http://www.ibm.com/support/docview.wss?uid=swg21990232

Comment: This bulletin contains six (6) IBM security advisories.

Revision History:  October 6 2016: Fixed typo in product name
                   October 4 2016: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Guardium is affected by Password in Clear Text vulnerability (CVE-2016-0247)

Security Bulletin

Document information

More support for:    IBM Security Guardium
                     Guardium Database Activity Monitor
Software version:    8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990368
Modified date:       2016-10-03

Summary

IBM Security Guardium could allow a local user to obtain sensitive information including password information that would be transmitted in clear text.

Vulnerability Details

CVEID: CVE-2016-0247
DESCRIPTION: IBM Security Guardium could allow a local user to obtain sensitive information including password information that would be transmitted in clear text.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

VRMF / Remediation/First Fix

IBM Security Guardium Database Activity Monitor 8.2
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 9x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 10x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authentication Vulnerability (CVE-2016-0241)

Security Bulletin

Document information

More support for:    IBM Security Guardium
                     Guardium Database Activity Monitor
Software version:    8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990219
Modified date:       2016-10-03

Summary

IBM Security Guardium Database Activity Monitor could allow a local attacker to bypass security authorization and masquerade as the administrator by manipulating the HTTP login request.

Vulnerability Details

CVEID: CVE-2016-0241
DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a local attacker to bypass security authorization and masquerade as the administrator by manipulating the HTTP login request.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110415 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor Versions 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

Product / VRMF / Remediation/First Fix

IBM Security Guardium Database Activity Monitor 8.2
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 9x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 10x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 - Original publish date

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by SQL Injection vulnerability (CVE-2016-0249)

Security Bulletin

Document information

More support for:    IBM Security Guardium
                     Guardium Database Activity Monitor
Software version:    8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990363
Modified date:       2016-10-03

Summary

IBM Security Guardium Database Activity Monitor is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Vulnerability Details

CVEID: CVE-2016-0249
DESCRIPTION: IBM Security Guardium Database Activity Monitor is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

VRMF / Remediation/First Fix

IBM Security Guardium Database Activity Monitor 8.2
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 9x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 10x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

---

Security Bulletin: IBM Security Guardium is affected by Application Error vulnerability (CVE-2016-0242)

Security Bulletin

Document information

More support for:    IBM Security Guardium
Software version:    10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990229
Modified date:       2016-10-03

Summary

IBM Security Guardium could disclose sensitive information about its environment, users, or associated data in the error message when an authenticated user produces errors.

Vulnerability Details

CVEID: CVE-2016-0242
DESCRIPTION: IBM Security Guardium could disclose sensitive information about its environment, users, or associated data in the error message when an authenticated user produces errors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V 10.0, 10.0.1, 10.1

Remediation/Fixes

Product / VRMF / Remediation/First Fix

IBM Security Guardium 10
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection vulnerability (CVE-2016-0236)

Security Bulletin

Document information

More support for:    IBM Security Guardium
                     Guardium Database Activity Monitor
Software version:    8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990372
Modified date:       2016-10-03

Summary

IBM Security Guardium Database Activity Monitor could allow an authenticated attacker to inject commands into the search field that will be executed as root.

Vulnerability Details

CVEID: CVE-2016-0236
DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow an authenticated attacker to inject commands into the search field that will be executed as root.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110327 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

VRMF / Remediation/First Fix

IBM Security Guardium Database Activity Monitor 8.2
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 9x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 10x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2016-0240)

Security Bulletin

Document information

More support for:    IBM Security Guardium
                     Guardium Database Activity Monitor
Software version:    8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #:         1990232
Modified date:       2016-10-03

Summary

IBM Security Guardium Database Activity Monitor does not force the HTTP Strict-Transport-Security Header. This could allow an attacker to obtain sensitive information using man in the middle techniques.

Vulnerability Details

CVEID: CVE-2016-0240
DESCRIPTION: IBM Security Guardium Database Activity Monitor does not force the HTTP Strict-Transport-Security Header. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110411 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

VRMF / Remediation/First Fix

IBM Security Guardium Database Activity Monitor 8.2
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 9x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc

IBM Security Guardium Database Activity Monitor 10x
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================