Operating System:

Published:

13 April 2017

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0960
          Multiple vulnerabilities have been identified in JunOS
                               13 April 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Juniper Junos
Publisher:         Juniper Networks
Impact/Access:     Root Compromise                -- Existing Account      
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2340 CVE-2017-2313 CVE-2017-2312
                   CVE-2016-10142 CVE-2016-9311 CVE-2016-9310
                   CVE-2016-7431 CVE-2016-7429 CVE-2016-7427
                   CVE-2016-1886 CVE-2015-8158 CVE-2015-8138
                   CVE-2015-7979 CVE-2015-7973 

Reference:         ESB-2016.1246
                   ESB-2016.1041

Original Bulletin: 
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10786
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10784
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10777
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10780
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10776
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10778

Comment: This bulletin contains six (6) Juniper Networks security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

2017-04 Security Bulletin: Junos: PFE crash while handling IPv6 ND 
advertisements (CVE-2017-2340)

Article ID:   JSA10786 
Last Updated: 12 Apr 2017 
Version:      3.0

PRODUCT AFFECTED:

This issue can affect any M/MX platform running Junos OS where DHCPv6 
subscribers are configured.

PROBLEM:

A vulnerability in processing IPv6 ND packets originating from subscribers and
destined to M/MX series routers configured with Enhanced Subscriber Management
for DHCPv6 subscribers can result in a PFE (Packet Forwarding Engine) hang or
crash.

The Enhanced Subscriber Management feature was introduced in Junos OS 15.1R3 
for M/MX-Series devices.

Devices are vulnerable only when the system configuration contains:

subscriber-management enable force

This issue does not affect devices with only IPv4 configured.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2017-2340.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 15.1R5, 16.1R3, 16.2R1 and all subsequent releases.

This issue is being tracked as PR 1212431 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

It is good security practice to limit the exploitable attack surface of 
critical infrastructure networking equipment. Use access lists or firewall 
filters to limit access to the router only from trusted, administrative 
networks or hosts.

IMPLEMENTATION:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial release.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVSS SCORE:

4.3 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

RISK LEVEL:

Medium

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --

2017-04 Security Bulletin: Junos: Integer signedness buffer overflow 
vulnerability in keyboard driver (CVE-2016-1886)

Article ID:   JSA10784
Last Updated: 12 Apr 2017
Version:      3.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS.

PROBLEM:

Incorrect signedness comparison in the ioctl(2) handler allows a malicious 
local user to overwrite a portion of the kernel memory.

A local user may crash the kernel, read a portion of kernel memory and execute
arbitrary code in kernel context.

The result of executing an arbitrary kernel code is privilege escalation.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2016-1886.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 12.3X48-D55, 14.1R9, 14.1X53-D50, 14.2R7, 15.1F5-S5, 15.1F7, 
15.1R5, 15.1X49-D60, 15.1X53-D230, 16.1R2, 16.2R1, 17.1R1, and all subsequent
releases.

This issue is being tracked as PR 1184592 and is visible on the Customer 
Support website.

WORKAROUND:

Use access lists or firewall filters to limit access to the device only from 
trusted administrative users, networks, and hosts.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial publication

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2016-1886: Integer signedness error in the genkbd_commonioctl function in
sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17,
and 10.3 before p3 allows local users to obtain sensitive information from 
kernel memory, cause a denial of service (memory overwrite and kernel crash),
or gain privileges via a negative value in the flen structure member in the 
arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack
overflow."

CVSS SCORE:

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --

2017-04 Security Bulletin: Junos: Crafted LDP packets cause a memory leak that
could lead to rpd crash (CVE-2017-2312)

Article ID:   JSA10777
Last Updated: 12 Apr 2017
Version:      2.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS with LDP 
enabled.

PROBLEM:

A specific LDP packet destined to the RE (Routing Engine) will consume a small
amount of the memory allocated for the rpd (routing protocol daemon) process.
Over time, repeatedly receiving this type of LDP packet(s) will cause the 
memory to exhaust and the rpd process to crash and restart. It is not possible
to free up the memory that has been consumed without restarting the rpd 
process. This issue affects Junos OS based devices with either IPv4 or IPv6 
LDP enabled via the [protocols ldp] configuration (the native IPv6 support for
LDP is available in Junos OS 16.1 and higher). The interface on which the 
packet arrives needs to have LDP enabled.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability,
however, the issue has been seen in a production network due to LDP packets 
originating from a different vendor's device.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2017-2312.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 13.3R10, 14.1R8, 14.2R7-S6, 14.2R8, 15.1F2-S14, 15.1F6-S4, 
15.1F7, 15.1R4-S7, 15.1R5, 15.1X49-D70, 15.1X53-D230, 15.1X53-D63, 
15.1X53-D70, 16.1R2, 16.2R1, and all subsequent releases.

This issue is being tracked as PR 1197631 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Use access lists or firewall filters to limit access to the device via LDP 
only from trusted networks or hosts, or enable MD5 authentication on all 
authorized LDP sessions.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial publication

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2017-2312: Crafted LDP packets cause memory leak that could lead to rpd 
crash

CVSS SCORE:

5.7 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

RISK LEVEL:

Medium

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --

2017-04 Security Bulletin: Junos: ICMPv6 PTB atomic fragment denial of service
attack (CVE-2016-10142)

Article ID:   JSA10780
Last Updated: 12 Apr 2017
Version:      2.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS with IPv6 
enabled.

PROBLEM:

An issue was discovered in the IPv6 protocol specification, related to ICMP 
Packet Too Big (PTB) messages. The security implications of IP fragmentation 
have been discussed at length in various RFCs. An attacker can leverage the 
generation of IPv6 atomic fragments to trigger the use of fragmentation in an
arbitrary IPv6 flow and can subsequently perform any type of 
fragmentation-based attack against legacy IPv6 nodes that do not implement RFC
6946. However, even nodes that already implement RFC 6946 can be subject to 
DoS attacks as a result of the generation of IPv6 atomic fragments.

Since most nodes are configured to reject all packets that contain fragment 
headers, as recommended in RFC 6192, if a Junos OS router emits atomic 
fragments (containing IPv6 Fragment Extension Headers) towards its legitimate
communication peer, traffic may be dropped by the peer causing a secondary 
denial of service condition.

This issue is triggered by ICMPv6 traffic destined to the device. Transit IPv6
traffic will not cause this issue to occur, and IPv4 is unaffected by this 
vulnerability.

This issue has been assigned CVE-2016-10142.

SOLUTION:

Junos OS now follows the recommendations from RFC 8021, section 4, to prevent
this issue. When such a PTB message is received, it will be ignored unless 
Junos OS is explicitly instructed to allow atomic fragments via a sysctl 
setting.

The following software releases have been updated to resolve this specific 
issue: Junos OS 12.3X48-D50, 14.1R8-S3, 14.1R9, 14.2R7-S6, 14.2R8, 15.1F2-S16,
15.1F6-S5, 15.1R4-S7, 15.1R5-S2, 15.1R6, 15.1X49-D80, 16.1R3-S3, 16.1R4-S1, 
16.1R5, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1, and all subsequent releases.

This issue is being tracked as PR 1250832 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Malicious exploitation of this vulnerability may be mitigated by employing 
anti-spoofing IP address filters and unicast reverse-path-forwarding (uRPF) 
checking to limit spoofed ICMPv6 traffic from entering your network. See BCP 
38/RFC 2827 for additional details.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial publication

RELATED LINKS:

Configuring Unicast Reverse-Path-Forwarding (uRPF) Check

KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2016-10142: ICMPv6 PTB atomic fragment denial of service attack

CVSS SCORE:

8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --

2017-04 Security Bulletin: Junos: Multiple vulnerabilities in NTP [VU#633847]

Article ID:   JSA10776
Last Updated: 12 Apr 2017
Version:      2.0

PRODUCT AFFECTED:

These issues can affect any product or platform running Junos OS with NTP 
services enabled

PROBLEM:

NTP.org and FreeBSD have published security advisories for vulnerabilities 
resolved in ntpd (NTP daemon). The following is a summary of the 
vulnerabilities that may impact Junos OS:


CVE	        CVSS v2 base score	                Summary
CVE-2016-9311	7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)	ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
CVE-2016-9310	6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)	The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2015-7973	5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)	NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVE-2015-7979	5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)	NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVE-2016-7431	5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)	NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2015-8158	4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)	The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVE-2016-7429	4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)	NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVE-2016-7427	3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)	The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.

Server-side vulnerabilities are only exploitable on systems where NTP server 
is enabled within the [edit system ntp] hierarchy level.

SOLUTION:

The following software releases have been updated to resolve these specific 
issues: Junos OS 12.3X48-D45, 14.1R8-S3, 14.1R9, 14.2R7-S6, 14.2R8, 
15.1F2-S16, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6, 
15.1X49-D80, 16.1R3-S3, 16.1R4-S1, 16.1R5, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1,
and all subsequent releases.

These issues are being tracked as PRs 1234119 and 1159544, and are visible on
the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Standard security best current practices (control plane firewall filters, edge
filtering, access lists, etc.) will protect against any remote malicious 
attacks against NTP. Customers who have already applied the workaround 
described in JSA10613 are already protected against any remote exploitation of
these vulnerabilities. Refer to the Workaround section of JSA10613 for 
specific applicable mitigation techniques.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial publication

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

November 2016 ntp-4.2.8p9 NTP Security Vulnerability Announcement

FreeBSD-SA-16:09.ntp: Multiple vulnerabilities of ntp

CVSS SCORE:

6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

RISK LEVEL:

Medium

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --

2017-04 Security Bulletin: Junos: rpd crash due to crafted BGP UPDATE 
(CVE-2017-2313)

Article ID:   JSA10778
Last Updated: 12 Apr 2017
Version:      3.0

PRODUCT AFFECTED:

This issue can affect any product or platform running Junos OS 15.1 or later 
with BGP enabled

PROBLEM:

Junos OS 15.1 and later releases may be impacted by the receipt of a crafted 
BGP UPDATE which can lead to an rpd (routing process daemon) crash and 
restart. Repeated crashes of the rpd daemon can result in an extended denial 
of service condition.

This issue only affects Junos OS 15.1 and later releases. Releases prior to 
Junos OS 15.1 are unaffected by this vulnerability.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2017-2313.

SOLUTION:

The following software releases have been updated to resolve this specific 
issue: Junos OS 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 
15.1R5-S2, 15.1R6, 15.1X49-D78, 15.1X49-D80, 15.1X53-D230, 15.1X53-D63, 
15.1X53-D70, 16.1R3-S3, 16.1R4, 16.2R1-S3, 16.2R2, 17.1R1, 17.2R1, and all 
subsequent releases.

This issue is being tracked as PR 1229868 and is visible on the Customer 
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

No published workaround exists for this issue.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and Service 
Releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a Service Release. 
Although Juniper does not provide formal Release Note documentation for a 
Service Release, a list of "PRs fixed" can be provided on request.

MODIFICATION HISTORY:

2017-04-12: Initial publication

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2017-2313: RPD crash due to crafted BGP UPDATE

CVSS SCORE:

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWO7/2Ix+lLeg9Ub1AQjO8A//bhE24YnSy7nWY+4XciRkmH19pAkhXQuV
8b3wIG/+Bj+lDX2Ct0tfglT7vIyaz9Esp9RBXAFOWfgpmaoQuf9d6ptccjjncXtL
560Yj6j4PJWKjDbCH3IQ1fX49ijh0eT+0nGY9pyTiztDoSM3/UuMWqoQvsyjGpO4
cuKCauDjqAKpWLC7zy62fx8P1KXS4ba1yiJuszMNpIXmFqyn061v3Ehy9az8hMS6
/VVs6xE4VTExjKIBwoVFt5kWYr8MBw1LWBxegDpEpAh6KvzGskm66z/yNu0O5e0A
4pptUXdbMcsAhImDNNkVKZvuywGhZvCbFyrxDGvNwSZ6BGnjiS+j1rmUtBxq8qTq
blr25YGnedKTZj5U95SIUl73ANqMkq5hmEL7pKH5AHn8FONP7o4gOF7D+znxjiiX
mKw/djeQJln4hKxRIvVpaHUEkRKvbjkkAUFEDWghSqvavOetLW7TQx7VWM3p3v7N
ui4dQ7PjB/k6QrzcGtX8IpoAErZYlqlH/U1cpI9KKeRv3DJLMI0VxeVY6i6qN3f1
DT39GqwlsZSUtDNP1jOMVWAAoF0lC7omNIONkxA/w8RuvCJbzTtCRCfPKCL/xXr8
in2gDbDioPbGIpXatB7jUtJtZVQdAao1BwTzX3IjSLq65uSWassLgSnELbdyBx9f
FMGXikLG5gU=
=orvf
-----END PGP SIGNATURE-----