===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.2311.2
           Security Bulletin: IBM Security Guardium products are
                   affected by multiple vulnerabilities
                              6 October 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Guardium
                   IBM Security Guardium Database Activity Monitor
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-0249 CVE-2016-0247 CVE-2016-0242
                   CVE-2016-0241 CVE-2016-0240 CVE-2016-0236

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg21990368
   http://www.ibm.com/support/docview.wss?uid=swg21990219
   http://www.ibm.com/support/docview.wss?uid=swg21990363
   http://www.ibm.com/support/docview.wss?uid=swg21990229
   http://www.ibm.com/support/docview.wss?uid=swg21990372
   http://www.ibm.com/support/docview.wss?uid=swg21990232

Comment: This bulletin contains six (6) IBM security advisories.

Revision History:  October 6 2016: Fixed typo in product name
                   October 4 2016: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Guardium is affected by Password in Clear
Text vulnerability (CVE-2016-0247)

Document information

More support for: IBM Security Guardium, Guardium Database Activity Monitor
Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990368
Modified date: 2016-10-03

Summary

IBM Security Guardium could allow a local user to obtain sensitive
information including password information that would be transmitted in clear
text.

Vulnerability Details

CVEID: CVE-2016-0247

DESCRIPTION: IBM Security Guardium could allow a local user to obtain
sensitive information including password information that would be
transmitted in clear text.

CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

Product                                          VRMF    Remediation/First Fix
IBM Security Guardium Database Activity Monitor  8.2     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  9x      https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  10x     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is
affected by Improper Authentication Vulnerability (CVE-2016-0241)

Document information

More support for: IBM Security Guardium, Guardium Database Activity Monitor
Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990219
Modified date: 2016-10-03

Summary

IBM Security Guardium Database Activity Monitor could allow a local attacker
to bypass security authorization and masquerade as the administrator by
manipulating the HTTP login request.

Vulnerability Details

CVEID: CVE-2016-0241

DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a
local attacker to bypass security authorization and masquerade as the
administrator by manipulating the HTTP login request.

CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110415 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor Versions 8.2, 9.0, 9.1, 9.5,
10.0, 10.0.1, 10.1

Remediation/Fixes

Product                                          VRMF    Remediation/First Fix
IBM Security Guardium Database Activity Monitor  8.2     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  9x      https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  10x     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016- Original publish date

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is
affected by SQL Injection vulnerability (CVE-2016-0249)

Document information

More support for: IBM Security Guardium, Guardium Database Activity Monitor
Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990363
Modified date: 2016-10-03

Summary

IBM Security Guardium Database Activity Monitor is vulnerable to SQL
injection. A remote attacker could send specially-crafted SQL statements,
which could allow the attacker to view, add, modify or delete information in
the back-end database.

Vulnerability Details

CVEID: CVE-2016-0249

DESCRIPTION: IBM Security Guardium Database Activity Monitor is vulnerable
to SQL injection. A remote attacker could send specially-crafted SQL
statements, which could allow the attacker to view, add, modify or delete
information in the back-end database.

CVSS Base Score: 8.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0,
10.0.1, 10.1

Remediation/Fixes

Product                                          VRMF    Remediation/First Fix
IBM Security Guardium Database Activity Monitor  8.2     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  9x      https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  10x     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

---

Security Bulletin: IBM Security Guardium is affected by Application Error
vulnerability (CVE-2016-0242)

Document information

More support for: IBM Security Guardium
Software version: 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990229
Modified date: 2016-10-03

Summary

IBM Security Guardium could disclose sensitive information about its
environment, users, or associated data in the error message when an
authenticated user produces errors.

Vulnerability Details

CVEID: CVE-2016-0242

DESCRIPTION: IBM Security Guardium could disclose sensitive information
about its environment, users, or associated data in the error message when
an authenticated user produces errors.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V 10.0, 10.0.1, 10.1

Remediation/Fixes

Product                  VRMF  	Remediation/First Fix
IBM Security Guardium    10  	https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is
affected by OS Command Injection vulnerability (CVE-2016-0236)

Document information

More support for: IBM Security Guardium, Guardium Database Activity Monitor
Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990372
Modified date: 2016-10-03

Summary

IBM Security Guardium Database Activity Monitor could allow an authenticated
attacker to inject commands into the search field that will be executed as
root.

Vulnerability Details

CVEID: CVE-2016-0236

DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow an
authenticated attacker to inject commands into the search field that will be
executed as root.

CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110327 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0,
10.0.1, 10.1

Remediation/Fixes

Product                                          VRMF    Remediation/First Fix
IBM Security Guardium Database Activity Monitor  8.2     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  9x      https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  10x     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

---

Security Bulletin: IBM Security Guardium Database Activity Monitor is
affected by Missing HTTP Strict-Transport-Security Header vulnerability
(CVE-2016-0240)

Document information

More support for: IBM Security Guardium, Guardium Database Activity Monitor
Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1
Operating system(s): Linux
Reference #: 1990232
Modified date: 2016-10-03

Summary

IBM Security Guardium Database Activity Monitor does not force the HTTP
Strict-Transport-Security Header. This could allow an attacker to obtain
sensitive information using man in the middle techniques.

Vulnerability Details

CVEID: CVE-2016-0240

DESCRIPTION: IBM Security Guardium Database Activity Monitor does not force
the HTTP Strict-Transport-Security Header. This could allow an attacker to
obtain sensitive information using man in the middle techniques.

CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110411 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0,
10.0.1, 10.1

Remediation/Fixes

Product                                          VRMF    Remediation/First Fix
IBM Security Guardium Database Activity Monitor  8.2     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  9x      https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor  10x     https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

10/03/2016 Original version published

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================