===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.2630.2
Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
10 November 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco Firepower Extensible Operating System
                   Cisco NX-OS
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3883

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty

Revision History:  November 10 2017: Brought up-to-date to Release Version 2.3
                   October 19 2017:  Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability

High

Advisory ID:      cisco-sa-20171018-aaavty
First Published:  2017 October 18 16:00 GMT
Last Updated:     2017 November 9 19:37 GMT
Version 2.3:      Final
Workarounds:      Yes
Cisco Bug IDs:    CSCuq58760 CSCuq71257 CSCur97432 CSCus05214 CSCux54898
                  CSCvb93995 CSCvc33141 CSCvd36971 CSCve03660 CSCvg41173

CVE-2017-3883
CWE-399

CVSS Score: Base 8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

    The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload.

    An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

    Note: Previous versions of this advisory recommended upgrading the Cisco NX-OS Software Release and configuring the login block-for CLI command to prevent this vulnerability. Cisco has since become aware that the login block-for CLI command may not function as desired in all cases. This does not apply to Cisco FXOS. Please refer to the Details section for additional information.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services:

      Firepower 4100 Series Next-Generation Firewall
      Firepower 9300 Security Appliance
      Multilayer Director Switches
      Nexus 1000V Series Switches
      Nexus 1100 Series Cloud Services Platforms
      Nexus 2000 Series Switches
      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 5000 Series Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches
      Nexus 9000 Series Switches in NX-OS mode
      Nexus 9500 R-Series Line Cards and Fabric Modules
      Unified Computing System (UCS) 6100 Series Fabric Interconnects
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects

    Cisco NX-OS Software

    To determine whether a device that is running Cisco NX-OS System Software is configured for AAA, administrators can use the show running-config | include aaa command from the Cisco NX-OS CLI and verify that there are aaa commands configured on the device. The following example shows sample output from a typical NX-OS AAA configuration:

        nx-os-switch# show running-config | include aaa
        aaa group server tacacs+ <group name>
        aaa authentication login default group <group name>
        aaa authentication login console local
        aaa accounting default group <group name>

    To determine whether a device is running a vulnerable release of Cisco NX-OS System Software, administrators can use the show version command in the Cisco NX-OS CLI.
    The following example shows the output of that command for a device that is running Cisco NX-OS System Software Release 6.2(10):

        nxos-switch# show version
        Cisco Nexus Operating System (NX-OS) Software
        TAC support: http://www.cisco.com/tac
        Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
        Copyright (c) 2002-2015, Cisco Systems, Inc. All rights reserved.
        The copyrights to certain works contained in this software are
        owned by other third parties and used and distributed under
        license. Certain components of this software are licensed under
        the GNU General Public License (GPL) version 2.0 or the GNU
        Lesser General Public License (LGPL) Version 2.1. A copy of each
        such license is available at
        http://www.opensource.org/licenses/gpl-2.0.php and
        http://www.opensource.org/licenses/lgpl-2.1.php

        Software
          BIOS:      version 2.12.0
          kickstart: version 6.2(10)
          system:    version 6.2(10)
        .
        .
        .

    Cisco FXOS

    In Cisco FXOS, AAA authentication is configured with the scope tacacs, scope radius, or scope ldap CLI commands. The presence of these commands in the device configuration indicates that the device is vulnerable. For additional information about AAA configuration for FXOS-based devices, refer to Cisco FXOS CLI Configuration Guide.

    To determine whether a device is running a vulnerable release of Cisco FXOS, administrators can use the show version command in the Cisco FXOS CLI. The following example shows the output of that command for a device that is running Cisco FXOS Release 2.2(1.70) on the Firepower 4100 Series Next-Generation Firewall hardware platform:

        fp4100# show version
        FPRM:
            Running-Vers: 4.2(1.65)
            Package-Vers: 2.2(1.70)
            Activate-Status: Ready

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following Cisco products:

      Firepower 2100 Series
      Nexus 4000 Series Switches
      Nexus 9000 Series Switches in Application Centric Infrastructure (ACI) mode

    Note: The Nexus 4000 Series Switch has entered the end-of-life phase. Refer to End-of-Sale and End-of-Life Announcement for the Cisco Nexus 4000 Series Switch Modules for IBM BladeCenter for additional information.

Details

  o Cisco NX-OS System Software

    To prevent exploitation of this vulnerability, customers should upgrade to a release of Cisco NX-OS System Software that supports secure login enhancements and configure login parameters for the software by using the login block-for command in the Cisco NX-OS CLI. Customers who cannot upgrade to or access a Cisco NX-OS System Software image that supports secure login enhancements should implement the workarounds described in this advisory.

    The following example shows how to use the login block-for command to configure a device to go into quiet mode for 45 seconds if three failed interactive attempts are made within 60 seconds:

        login block-for 45 attempts 3 within 60

    The system keyword is needed on the Cisco Nexus 3000 and 9000 Series Switches:

        system login block-for 45 attempts 3 within 60

    For more information about configuring login parameters and the login block-for command, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide or Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

    This vulnerability is prevented only by configuring the login block-for CLI command; otherwise, the device remains vulnerable regardless of the software release the Cisco NX-OS platform is running.

    Update: The login block-for CLI command may not function as desired on the following Cisco NX-OS platforms.

      Nexus 2000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 5000 Series Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches

    For these platforms, it is recommended to not configure the login block-for CLI command and instead refer to the Workarounds section until fixed software becomes available.

    The login block-for command does work as expected on the following Cisco NX-OS platforms as of the first fixed release recommended in this advisory:

      Multilayer Director Switches
      Nexus 3000 Series Switches
      Nexus 3600 Platform Switches
      Nexus 9000 Series Switches in NX-OS mode
      Nexus 9500 R-Series Line Cards and Fabric Modules
      Unified Computing System (UCS) 6100 Series Fabric Interconnects
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects

    Cisco FXOS

    On Cisco FXOS platforms, Firepower 4100 Series Next-Generation Firewall, and 9300 Security Appliance, the DoS condition was prevented by adding an internal throttling mechanism for the remote brute-force attack condition. This mechanism does not require users to configure it.

Indicators of Compromise

  o On both Cisco FXOS and NX-OS System Software, the AAA-related processes could restart and generate a core file. This indicator will be accompanied by many failed login attempts, indicating that a brute-force attack may be underway.

    Contact the Cisco Technical Assistance Center (TAC) to review any AAA-related core and system log files to determine whether the device has been compromised by exploitation of this vulnerability.

Workarounds

  o Cisco NX-OS System Software

    Configuring a vty Access Class

    On some platforms that are running Cisco NX-OS System Software, it is possible to limit exposure of an affected device by creating a vty access-control list (ACL) on the device and configuring the ACL to permit only known, trusted devices to connect to the device via Telnet and Secure Shell (SSH).

    Note:

     1. This workaround is not available on some platforms that are running Cisco NX-OS, and should be used only where applicable.
     2. There is no Cisco UCS workaround that addresses this vulnerability.
     3. The ACL in this example is for IPv4. This vulnerability can also be exploited against IPv6 interfaces. If the NX-OS device is configured for IPv6, the same ACL should be configured for the IPv6 address range.

    The following example shows an ACL that permits access to vtys from the 192.168.1.0/24 netblock and the single IP address 172.16.1.2 while denying access from all other addresses:

        ip access-list vtyacl
          10 permit tcp 192.168.1.0/24 172.16.1.2/32
        line vty
          access-class vtyacl in

    For more information about restricting traffic to vtys, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.

    It is considered a best practice for an NX-OS device to have a vty ACL configured. Refer to Cisco Guide to Securing Cisco NX-OS Software Devices for additional information about hardening Cisco NX-OS devices.

    Cisco FXOS

    On Cisco FXOS platforms, it is possible to limit the exposure of an affected device by using the ip-block command to permit only known, trusted hosts to connect to the device via SSH.

    The following example shows only a subset of IPv4 and IPv6 hosts being permitted to connect via SSH.

        scope system
        scope services
        create ip-block 11.1.1.1 24 ssh
        create ipv6-block 2014::10:76:78:107 64 ssh
        commit-buffer

    For more information about configuring Cisco FXOS IP Access Lists, see the "Configure the IP Access List" section of the Cisco FXOS CLI Configuration Guide.

Fixed Software

  o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
    By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    http://www.cisco.com/c/en/us/td/docs/general/warranty/English/EU1KEN_.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Fixed Releases

    Customers should upgrade to an appropriate release as indicated in the following Cisco product tables.
    Please note that on the Cisco NX-OS platforms, this vulnerability can still be exploited unless the CLI command login block-for is configured. The login block-for command should be configured only on the NX-OS platforms that have fixed software available in the following tables.

    Firepower 4100 Series Next-Generation Firewall: CSCve03660

    +-----------------------------------------+---------------------------+
    | Cisco FXOS Major Release - Firepower    | First Fixed Release       |
    | 4100                                    |                           |
    +-----------------------------------------+---------------------------+
    | Prior to 2.3                            | Affected; migrate to      |
    |                                         | 2.3.1                     |
    +-----------------------------------------+---------------------------+
    | 2.3                                     | 2.3.1 (future release)    |
    +-----------------------------------------+---------------------------+

    Firepower 9300 Security Appliance: CSCve03660

    +-----------------------------------------+---------------------------+
    | Cisco FXOS Major Release - Firepower    | First Fixed Release       |
    | 9300                                    |                           |
    +-----------------------------------------+---------------------------+
    | Prior to 2.3                            | Affected; migrate to      |
    |                                         | 2.3.1                     |
    +-----------------------------------------+---------------------------+
    | 2.3                                     | 2.3.1 (future release)    |
    +-----------------------------------------+---------------------------+

    MDS 9000 Series Multilayer Director Switches: CSCvc33141

    +---------------------------+-----------------------------------------+
    | Cisco NX-OS Software      | First Fixed Release                     |
    | Major Release - MDS       |                                         |
    +---------------------------+-----------------------------------------+
    | 5.2                       | Affected; migrate to 7.3(1)DY(1)        |
    +---------------------------+-----------------------------------------+
    | 6.2                       | Affected; migrate to 7.3(1)DY(1)        |
    +---------------------------+-----------------------------------------+
    | 6.3                       | Affected; migrate to 7.3(1)DY(1)        |
    +---------------------------+-----------------------------------------+
    | 7.3                       | 7.3(1)DY(1)                             |
    +---------------------------+-----------------------------------------+
    | 8.1                       | Not vulnerable when the login block-for |
    |                           | command is configured.                  |
    +---------------------------+-----------------------------------------+
    | 8.2                       | Not vulnerable when the login block-for |
    |                           | command is configured.                  |
    +---------------------------+-----------------------------------------+

    Nexus 1000V Series Switches and Nexus 1100 Series Cloud Services Platforms: CSCux54898

    +--------------------------------------------------------+------------+
    | Cisco NX-OS Software Major Release - Nexus 1000V       | First      |
    | Series Switches and Nexus 1100 Series Cloud Services   | Fixed      |
    | Platforms                                              | Release    |
    +--------------------------------------------------------+------------+
    | Prior to 4.2                                           | No fix     |
    |                                                        | available  |
    +--------------------------------------------------------+------------+
    | 5.2                                                    | No fix     |
    |                                                        | available  |
    +--------------------------------------------------------+------------+

    Nexus 3000 Series Switches: CSCus05214 and CSCvb93995

    +-----------------------------------------+---------------------------+
    | Cisco NX-OS Software Major Release -    | First Fixed Release       |
    | Nexus 3000 Series Switches              |                           |
    +-----------------------------------------+---------------------------+
    | Prior to 6.0                            | Affected; migrate to      |
    |                                         | 7.0(3)I6(1) or later      |
    +-----------------------------------------+---------------------------+
    | 6.0                                     | 7.0(3)I6(1) or later      |
    +-----------------------------------------+---------------------------+
    | 7.0                                     | 7.0(3)I6(1) or later      |
    +-----------------------------------------+---------------------------+

    Nexus 3500 Platform Switches: CSCus05214 and CSCvb93995

    +-----------------------------------------+---------------------------+
    | Cisco NX-OS Software Major Release -    | First Fixed Release       |
    | Nexus 3500 Platform Switches            |                           |
    +-----------------------------------------+---------------------------+
    | Prior to 6.0                            | Affected; migrate to      |
    |                                         | 6.0(2)A8(8) or later      |
    +-----------------------------------------+---------------------------+
    | 6.0                                     | 6.0(2)A8(8) [Target       |
    |                                         | November 2017]            |
    +-----------------------------------------+---------------------------+

    Nexus 2000, 5000, 5500, 5600, and 6000 Series Switches: CSCuq71257 and CSCvg41173

    +---------------------------------------------------+-----------------+
    | Cisco NX-OS Software Major Release - Nexus 5000   | First Fixed     |
    | Series Switches                                   | Release         |
    +---------------------------------------------------+-----------------+
    | Prior to 5.2                                      | No fix          |
    |                                                   | available       |
    +---------------------------------------------------+-----------------+
    | 5.2                                               | No fix          |
    |                                                   | available       |
    +---------------------------------------------------+-----------------+

    +------------------------------------------------+--------------------+
    | Cisco NX-OS Software Major Release - Nexus     | First Fixed        |
    | 2000, 5500, 5600, and 6000 Series Switches     | Release            |
    +------------------------------------------------+--------------------+
    | Prior to 5.2                                   | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 5.2                                            | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 6.0                                            | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 7.0                                            | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 7.1                                            | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 7.2                                            | Affected; migrate  |
    |                                                | to 7.3(3)N1(1)     |
    +------------------------------------------------+--------------------+
    | 7.3                                            | 7.3(3)N1(1)        |
    |                                                | [Target April      |
    |                                                | 2018]              |
    +------------------------------------------------+--------------------+

    Nexus 7000 and 7700 Series Switches: CSCuq58760 and CSCvb93995

    +-----------------------------------+---------------------------------+
    | Cisco NX-OS Software Major        | First Fixed Release             |
    | Release - Nexus 7000 and 7700     |                                 |
    | Series Switches                   |                                 |
    +-----------------------------------+---------------------------------+
    | Prior to 5.2                      | Affected; migrate to 6.2(20)    |
    |                                   | or 7.3(2)D1(2)                  |
    +-----------------------------------+---------------------------------+
    | 5.2                               | Affected; migrate to 6.2(20)    |
    |                                   | or 7.3(2)D1(2)                  |
    +-----------------------------------+---------------------------------+
    | 6.0                               | Affected; migrate to 6.2(20)    |
    |                                   | or 7.3(2)D1(2)                  |
    +-----------------------------------+---------------------------------+
    | 6.1                               | Affected; migrate to 6.2(20)    |
    |                                   | or 7.3(2)D1(2)                  |
    +-----------------------------------+---------------------------------+
    | 6.2                               | 6.2(20) [Target November 2017]  |
    +-----------------------------------+---------------------------------+
    | 7.2                               | Affected; migrate to            |
    |                                   | 7.2(3)D1(1) [Target March 2018] |
    |                                   | or 7.3(2)D1(2)                  |
    +-----------------------------------+---------------------------------+
    | 7.3                               | 7.3(2)D1(2) [Target November    |
    |                                   | 2017]                           |
    +-----------------------------------+---------------------------------+
    | 8.0                               | 8.0(2) [Target March 2018]      |
    +-----------------------------------+---------------------------------+
    | 8.1                               | 8.1(2) [Target January 2018]    |
    +-----------------------------------+---------------------------------+
    | 8.2                               | 8.2(2) [Target April 2018]      |
    +-----------------------------------+---------------------------------+

    Nexus 9000 Series Switches: CSCuq58760 and CSCvb93995

    +-----------------------------------------+---------------------------+
    | Cisco NX-OS Software Major Release -    | First Fixed Release       |
    | Nexus 9000 Series Switches              |                           |
    +-----------------------------------------+---------------------------+
    | 6.1                                     | Affected; migrate to      |
    |                                         | 7.0(3)I6(1) or later      |
    +-----------------------------------------+---------------------------+
    | 7.0                                     | 7.0(3)I6(1) or later      |
    +-----------------------------------------+---------------------------+

    Nexus 9500 R-Series Line Cards and Fabric Modules and Nexus 3600 Platform Switches: CSCuq58760

    +------------------------------------------------------+--------------+
    | Cisco NX-OS Software Major Release - Nexus 9500      | First Fixed  |
    | R-Series and Nexus 3600 Platform Switches            | Release      |
    +------------------------------------------------------+--------------+
    | 7.0                                                  | 7.0(3)F3(1)  |
    |                                                      | or later     |
    +------------------------------------------------------+--------------+

    UCS 6100, 6200, and 6300 Fabric Interconnects: CSCur97432^1

    +---------------------------+-----------------------------------------+
    | Cisco NX-OS Software      | First Fixed Release                     |
    | Major Release - UCS       |                                         |
    +---------------------------+-----------------------------------------+
    | Prior to 2.2              | Affected; migrate to 2.2(6c) or later   |
    +---------------------------+-----------------------------------------+
    | 2.2                       | 2.2(6c) or later                        |
    +---------------------------+-----------------------------------------+
    | 2.5                       | Not vulnerable when the login block-for |
    |                           | command is configured.                  |
    +---------------------------+-----------------------------------------+
    | 3.0                       | Affected; migrate to 3.1(2b) or later   |
    +---------------------------+-----------------------------------------+
    | 3.1                       | 3.1(2b) or later                        |
    +---------------------------+-----------------------------------------+
    | 3.2                       | Not vulnerable when the login block-for |
    |                           | command is configured.                  |
    +---------------------------+-----------------------------------------+

    ^1 The fix for Cisco bug ID CSCur97432 for Cisco UCS 6100, 6200, and 6300 Fabric Interconnects implemented the login block-for command. This fix was found to be incomplete, and brute-force attacks that occur over many hours could still cause a device to reset. Cisco bug ID CSCvd36971 tracks this remaining vulnerability, and the full fix is targeted for future software release 3.2(3).
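
The NX-OS checks described in the Affected Products, Details and Workarounds sections above (AAA present, login block-for, vty ACL, IPv6 note), combined into one audit of `show running-config` text. This is an added example, not Cisco or AusCERT code; the finding codes, the `block_for_reliable` flag and the sample configs are constructed for illustration.

```python
"""Audit NX-OS `show running-config` text for the mitigations this advisory names.

Added example, not Cisco or AusCERT code. Finding codes are hypothetical labels.
"""
import re

BLOCK_FOR = re.compile(
    r"^(?:system )?login block-for (\d+) attempts (\d+) within (\d+)$")
ACL_ENTRY = re.compile(r"^\d+ (permit|deny) \S+ (\S+)")


def sections(config_text):
    """Group config lines into (top-level line, [indented child lines])."""
    out = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and comments
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out


def audit(config_text, block_for_reliable):
    """Return facts and findings for one device.

    block_for_reliable: True when the platform is one the advisory lists as
    having a working `login block-for` in its fixed release (operator input).
    """
    secs = sections(config_text)
    res = {"aaa": any(h.startswith("aaa ") for h, _ in secs),
           "block_for": None, "vty_acl": None, "findings": []}
    if not res["aaa"]:
        return res  # the advisory applies only when AAA is configured

    for head, _ in secs:
        m = BLOCK_FOR.match(head)
        if m:
            # (quiet seconds, failed attempts, window seconds)
            res["block_for"] = tuple(int(g) for g in m.groups())
    if block_for_reliable and res["block_for"] is None:
        res["findings"].append("NO_LOGIN_BLOCK_FOR")
    if not block_for_reliable and res["block_for"] is not None:
        # Advisory: do not rely on the command on these platforms.
        res["findings"].append("BLOCK_FOR_UNRELIABLE_ON_PLATFORM")

    acls = {h.split()[2]: kids for h, kids in secs
            if h.startswith("ip access-list ") and len(h.split()) == 3}
    for head, kids in secs:
        if head == "line vty":
            for kid in kids:
                m = re.match(r"access-class (\S+) in$", kid)
                if m:
                    res["vty_acl"] = m.group(1)
    if res["vty_acl"] is None:
        res["findings"].append("NO_VTY_ACL")
    elif res["vty_acl"] not in acls:
        res["findings"].append("VTY_ACL_UNDEFINED")
    else:
        for entry in acls[res["vty_acl"]]:
            m = ACL_ENTRY.match(entry)
            if m and m.group(1) == "permit" and (
                    m.group(2) == "any" or m.group(2).endswith("/0")):
                res["findings"].append("VTY_ACL_PERMITS_ANY_SOURCE")
                break

    # Advisory note 3: IPv6 interfaces need an equivalent IPv6 restriction.
    if any(k.startswith("ipv6 address ") for _, kids in secs for k in kids):
        res["findings"].append("IPV6_IN_USE_VERIFY_V6_VTY_ACL")
    return res


# Constructed sample configs (not taken from a real device).
UNMITIGATED = """
aaa group server tacacs+ TACGRP
aaa authentication login default group TACGRP
interface mgmt0
  ipv6 address 2001:db8::10/64
line vty
"""

# Uses the block-for values and the ACL lines shown in the advisory.
MITIGATED = """
aaa authentication login default group TACGRP
login block-for 45 attempts 3 within 60
ip access-list vtyacl
  10 permit tcp 192.168.1.0/24 172.16.1.2/32
line vty
  access-class vtyacl in
"""

if __name__ == "__main__":
    for name, cfg in (("unmitigated", UNMITIGATED), ("mitigated", MITIGATED)):
        print(name, audit(cfg, block_for_reliable=True))
```

Set `block_for_reliable` from the two platform lists in the Details section: True only for platforms listed as having a working login block-for command in their first fixed release.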

    Cisco NX-OS Release Recommendations

    For additional assistance in determining the best Cisco NX-OS System Software release for a Cisco Nexus Switch, refer to the recommended release document for the switch:

      Cisco Multilayer Director Switches
      Cisco Nexus 1000V for VMware Switches
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches

    To determine the best Cisco NX-OS System Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty

Revision History

    +---------+------------------------+--------------+--------+------------------+
    | Version | Description            | Section      | Status | Date             |
    +---------+------------------------+--------------+--------+------------------+
    | 2.3     | Added the 3600         | Affected     | Final  | 2017-November-09 |
    |         | platform to vulnerable | Products,    |        |                  |
    |         | products. Added target | Details, and |        |                  |
    |         | dates for some         | Fixed        |        |                  |
    |         | platforms that do not  | Software     |        |                  |
    |         | have current code      |              |        |                  |
    |         | fixes.                 |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+
    | 2.2     | Clarified further that | Fixed        | Final  | 2017-November-03 |
    |         | the login block-for    | Software     |        |                  |
    |         | command is required to |              |        |                  |
    |         | not be vulnerable.     |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+
    | 2.1     | Added fixed software   | Details and  | Final  | 2017-November-01 |
    |         | for N3K and N9K.       | Fixed        |        |                  |
    |         | Removed the fixed      | Software     |        |                  |
    |         | release tables for     |              |        |                  |
    |         | platforms without      |              |        |                  |
    |         | fixes.                 |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+
    | 2.0     | Added information      | Summary,     | Final  | 2017-October-27  |
    |         | about new bugs to      | Details, and |        |                  |
    |         | track fixes to the     | Fixed        |        |                  |
    |         | login block-for        | Software     |        |                  |
    |         | command.               |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+
    | 1.1     | Added information      | Details,     | Final  | 2017-October-18  |
    |         | about the use of the   | Workarounds, |        |                  |
    |         | CLI command to prevent | and Fixed    |        |                  |
    |         | the device from being  | Software     |        |                  |
    |         | vulnerable. Added a    |              |        |                  |
    |         | workaround for Cisco   |              |        |                  |
    |         | FXOS.                  |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+
    | 1.0     | Initial public         | --           | Final  | 2017-October-18  |
    |         | release.               |              |        |                  |
    +---------+------------------------+--------------+--------+------------------+

Legal Disclaimer

  o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================