===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2018.2675.2
                   IBM Security Guardium vulnerabilities
                             11 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Guardium
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise        -- Remote with User Interaction
                   Increased Privileges   -- Remote/Unauthenticated      
                   Access Privileged Data -- Remote/Unauthenticated      
                   Modify Arbitrary Files -- Remote/Unauthenticated      
                   Delete Arbitrary Files -- Remote/Unauthenticated      
                   Denial of Service      -- Remote/Unauthenticated      
                   Create Arbitrary Files -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5382 CVE-2018-2678 CVE-2018-2677
                   CVE-2018-2663 CVE-2018-2657 CVE-2018-2641
                   CVE-2018-2639 CVE-2018-2638 CVE-2018-2637
                   CVE-2018-2634 CVE-2018-2633 CVE-2018-2629
                   CVE-2018-2618 CVE-2018-2603 CVE-2018-2602
                   CVE-2018-2599 CVE-2018-2588 CVE-2018-2582
                   CVE-2018-2579 CVE-2018-1417 CVE-2017-13098
                   CVE-2017-1272  

Reference:         ASB-2018.0024
                   ESB-2018.2516
                   ESB-2018.2480
                   ESB-2018.2461

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22016006
   http://www.ibm.com/support/docview.wss?uid=swg22015896
   http://www.ibm.com/support/docview.wss?uid=ibm10730661
   http://www.ibm.com/support/docview.wss?uid=swg22016292

Comment: This bulletin contains four (4) IBM security advisories.

Revision History:  September 11 2018: Update from vendor re Security Guardium - Document Reference 2015896
                   September  7 2018: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle
vulnerability

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.0, 9.1, 9.5

Operating system(s): Linux

Reference #: 2016006

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-5382
DESCRIPTION: Bouncy Castle could allow a local attacker to obtain sensitive
information, caused by an error in the BKS version 1 keystore files. By
utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker
could exploit this vulnerability using brute-force techniques to crack a BKS-V1
keystore file in seconds and gain access to the keystore contents.
CVSS Base Score: 4.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/140465 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
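
To locate keystores exposed to CVE-2018-5382, the following added example (not part of the IBM or AusCERT text) classifies a file by its BKS header so that legacy-format stores can be found and migrated. It assumes the Bouncy Castle BKS header layout noted in the comments and treats header versions 0 and 1 as the affected format; the sample bytes are constructed, and a header match is a heuristic to confirm by loading the store.

```python
import struct

# Assumed header layout (Bouncy Castle BKS family): big-endian int32 store
# version, int32 salt length, salt bytes, int32 PBE iteration count. The
# entries and the trailing HMAC follow and are not parsed here.
CURRENT_VERSION = 2        # header version written by the current BKS format
LEGACY_VERSIONS = (0, 1)   # older headers, treated here as the BKS-V1 format
MAX_SALT_LEN = 1024        # sanity bound chosen for this example
HEADER_READ = 8 + MAX_SALT_LEN + 4


def parse_bks_header(data):
    """Return (version, salt_len, iterations), or None if not BKS-like."""
    if len(data) < 12:
        return None
    version, salt_len = struct.unpack_from(">ii", data, 0)
    if version != CURRENT_VERSION and version not in LEGACY_VERSIONS:
        return None
    if not 0 < salt_len <= MAX_SALT_LEN:
        return None
    if len(data) < 8 + salt_len + 4:
        return None        # truncated before the iteration count
    (iterations,) = struct.unpack_from(">i", data, 8 + salt_len)
    if iterations <= 0:
        return None
    return version, salt_len, iterations


def classify(data):
    """Label header bytes as legacy BKS, current BKS, or something else."""
    header = parse_bks_header(data)
    if header is None:
        return "not-bks"
    if header[0] in LEGACY_VERSIONS:
        return "bks-v1-weak-mac"
    return "bks-current"


def scan_files(paths):
    """Classify each path by reading only the bytes the header can occupy."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                results[path] = classify(fh.read(HEADER_READ))
        except OSError as exc:
            results[path] = "unreadable: " + exc.__class__.__name__
    return results


def make_sample(version):
    # Constructed header: 20-byte zero salt, 1024 iterations, dummy payload.
    return (struct.pack(">ii", version, 20) + bytes(20)
            + struct.pack(">i", 1024) + bytes(32))


SAMPLE_V1 = make_sample(1)
SAMPLE_V2 = make_sample(2)
# Constructed non-BKS input: the JKS magic number followed by padding.
SAMPLE_JKS = bytes.fromhex("feedfeed00000002") + bytes(16)

if __name__ == "__main__":
    for name, blob in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("jks", SAMPLE_JKS)):
        print(name, classify(blob))
```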

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |9.0-9.5          |
+---------------------------------+-----------------+

Remediation/Fixes

Product:                 IBM Security Guardium
VRMF:                    9.0 - 9.5
Remediation / First Fix:
   http://www.ibm.com/support/fixcentral/swg/quickorder-parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Change History

Sept 06, 2018: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

-------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed
vulnerability from Bouncy Castle

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.0 - 9.5

Operating system(s): Linux

Reference #: 2016292

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2017-13098
DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive
information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher)
attack. By utilizing discrepancies in TLS error messages, an attacker could
exploit this vulnerability to obtain the data in the encrypted messages once
the TLS session has completed. Note: This vulnerability is also known as the
ROBOT attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/136241 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |9.0 - 9.5        |
+---------------------------------+-----------------+

Remediation/Fixes

Product:                 IBM Security Guardium
VRMF:                    9.0 - 9.5
Remediation / First Fix:
   http://www.ibm.com/support/fixcentral/swg/quickorder-parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Change History

Sept 06, 2018: Original Version Published

-------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by a Query Parameter in
SSL Request vulnerability

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.5

Operating system(s): Linux

Reference #: 0730661

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.


Vulnerability Details

CVEID: CVE-2017-1272
DESCRIPTION: IBM Security Guardium stores sensitive information in URL
parameters. This may lead to information disclosure if unauthorized parties
have access to the URLs via server logs, referrer header or browser history.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/124747 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
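
The exposure paths named for CVE-2017-1272 (server logs and the referrer header) can be audited in existing web access logs. The following added example (not part of the IBM or AusCERT text) flags sensitive query parameters in the request line and Referer field of a combined-format log line and redacts their values; the parameter names, host name, paths and log line are constructed for illustration and are not Guardium's actual URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical parameter names to treat as sensitive; adjust per application.
SENSITIVE_NAMES = {"password", "passwd", "pwd", "token", "sessionid", "apikey"}

# Request line and Referer field of an Apache/NGINX combined-format entry.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ '
    r'"(?P<referer>[^"]*)"'
)

# Matches "?name=value" or "&name=value" for any sensitive name.
VALUE_RE = re.compile(
    r'([?&](?:' + "|".join(sorted(SENSITIVE_NAMES)) + r')=)[^&\s"#]*',
    re.IGNORECASE,
)


def sensitive_params(url):
    """Return the sensitive parameter names present in a URL's query string."""
    query = urlsplit(url).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if name.lower() in SENSITIVE_NAMES]


def audit_line(line):
    """Return (field, parameter) pairs where a log line carries a secret."""
    match = LOG_RE.search(line)
    if match is None:
        return []
    findings = []
    for field in ("target", "referer"):
        for name in sensitive_params(match.group(field)):
            findings.append((field, name))
    return findings


def redact_line(line):
    """Replace the values of sensitive parameters before the line is stored."""
    return VALUE_RE.sub(lambda m: m.group(1) + "REDACTED", line)


# Constructed sample entry: a session id in the request URL and a password
# leaked through the Referer of the page that issued the request.
SAMPLE_LINE = (
    '192.0.2.10 - - [06/Sep/2018:10:00:00 +0000] '
    '"GET /app/report?id=7&sessionid=abc123 HTTP/1.1" 200 512 '
    '"https://guardium.example/app/login?user=alice&password=hunter2" '
    '"Mozilla/5.0"'
)

if __name__ == "__main__":
    print(audit_line(SAMPLE_LINE))
    print(redact_line(SAMPLE_LINE))
```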

Affected Products and Versions

+--------------------------------------------+-----------------+
|       Affected IBM Security Guardium       |Affected Versions|
+--------------------------------------------+-----------------+
|IBM Security Guardium                       |9.5              |
+--------------------------------------------+-----------------+

Remediation/Fixes

Product:                 IBM Security Guardium
VRMF:                    9.5
Remediation / First Fix:
   http://www.ibm.com/support/fixcentral/swg/quickorder-parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John
Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

Sept 06, 2018: Original version published

-------------------------------------------------------------------------------

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security
Guardium

Document information

More support for: IBM Security Guardium

Software version: 10.0 - 10.5

Operating system(s): Linux

Reference #: 2015896

Modified date: 07 September 2018

Security Bulletin

Summary

There are multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition,
Version 6 used by IBM Security Guardium. These issues were disclosed as part of
the IBM Java SDK updates in Jan 2018.

Vulnerability Details

CVEID: CVE-2018-2579
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to obtain sensitive information resulting in a low
confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137833 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-2588
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit LDAP component could allow an authenticated
attacker to obtain sensitive information resulting in a low confidentiality
impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137841 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-2663
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to cause a denial of service resulting in a low
availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137917 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2677
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded AWT component could allow an unauthenticated attacker to
cause a denial of service resulting in a low availability impact using unknown
attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137932 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2678
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to cause a denial of service resulting in a low availability impact
using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137933 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2602
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded I18n component could allow an unauthenticated attacker to
cause low confidentiality impact, low integrity impact, and low availability
impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137854 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-2599
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to cause no confidentiality impact, low integrity impact, and low
availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137851 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2018-2603
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to cause a denial of service resulting in a low
availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137855 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2629
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated
attacker to cause no confidentiality impact, high integrity impact, and no
availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137880 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-2657
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, JRockit Serialization component could allow an unauthenticated attacker to
cause a denial of service resulting in a low availability impact using unknown
attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137910 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2618
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated
attacker to obtain sensitive information resulting in a high confidentiality
impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137870 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-2641
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded AWT component could allow an unauthenticated attacker to
cause no confidentiality impact, high integrity impact, and no availability
impact.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137893 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2018-2582
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker
to cause no confidentiality impact, high integrity impact, and no availability
impact.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137836 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-2634
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to
obtain sensitive information resulting in a high confidentiality impact using
unknown attack vectors.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137886 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-2637
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated
attacker to cause high confidentiality impact, high integrity impact, and no
availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137889 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2018-2633
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137885 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-2638
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE Deployment component could allow an unauthenticated attacker to take control
of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137890 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-2639
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE Deployment component could allow an unauthenticated attacker to take control
of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137891 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-1417
DESCRIPTION: Under certain circumstances, a flaw in the J9 JVM allows untrusted
code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138823 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |10.0-10.5        |
+---------------------------------+-----------------+

Remediation/Fixes

Product:                 IBM Security Guardium
VRMF:                    10.0-10.5
Remediation/First Fix:
   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p505_Bundle_Jun-24-2018&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Change History

July 02, 2018: Original Version Published
Sept 06, 2018: Second Version Published
Sept 07, 2018: Third Version Published

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================