Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.2911 Jenkins Security Advisory 2023-05-16 18 May 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Jenkins Plugins Publisher: Jenkins Operating System: UNIX variants (UNIX, Linux, OSX) Windows Resolution: Patch/Upgrade CVE Names: CVE-2023-33007 CVE-2023-33006 CVE-2023-33005 CVE-2023-33004 CVE-2023-33003 CVE-2023-33002 CVE-2023-33001 CVE-2023-33000 CVE-2023-32999 CVE-2023-32998 CVE-2023-32997 CVE-2023-32996 CVE-2023-32995 CVE-2023-32994 CVE-2023-32993 CVE-2023-32992 CVE-2023-32991 CVE-2023-32990 CVE-2023-32989 CVE-2023-32988 CVE-2023-32987 CVE-2023-32986 CVE-2023-32985 CVE-2023-32984 CVE-2023-32983 CVE-2023-32982 CVE-2023-32981 CVE-2023-32980 CVE-2023-32979 CVE-2023-32978 CVE-2023-32977 CVE-2023-2633 CVE-2023-2632 CVE-2023-2631 CVE-2023-2196 CVE-2023-2195 Original Bulletin: https://www.jenkins.io/security/advisory/2023-05-16/ Comment: CVSS (Max): 8.8 CVE-2023-32986 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Jenkins Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Jenkins Security Advisory 2023-05-16 This advisory announces vulnerabilities in the following Jenkins deliverables: o Ansible Plugin o AppSpider Plugin o Azure VM Agents Plugin o CAS Plugin o Code Dx Plugin o Email Extension Plugin o File Parameter Plugin o HashiCorp Vault Plugin o LDAP Plugin o LoadComplete support Plugin o NS-ND Integration Performance Publisher Plugin o Pipeline Utility Steps Plugin o Pipeline: Job Plugin o Reverse Proxy Auth Plugin o SAML Single Sign On(SSO) Plugin o SAML Single Sign On(SSO) Plugin o SAML Single Sign On(SSO) Plugin o Sidebar Link Plugin o Tag Profiler Plugin o TestComplete support Plugin o TestNG Results Plugin o WSO2 Oauth Plugin Descriptions Stored XSS vulnerability in Pipeline: Job Plugin SECURITY-3042 / CVE-2023-32977 Severity (CVSS): High Affected plugin: workflow-job Description: Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when "Do not allow concurrent builds" is set. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts. Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted. CSRF vulnerability in LDAP Plugin SECURITY-3046 / CVE-2023-32978 Severity (CVSS): Medium Affected plugin: ldap Description: LDAP Plugin 673.v034ec70ec2b_b_ and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. LDAP Plugin 676.vfa_64cf6b_b_002 requires POST requests for the affected form validation method. Missing permission check in Email Extension Plugin SECURITY-3088 (1) / CVE-2023-32979 Severity (CVSS): Medium Affected plugin: email-ext Description: Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. This form validation method requires the appropriate permission in Email Extension Plugin 2.96.1. CSRF vulnerability in Email Extension Plugin SECURITY-3088 (2) / CVE-2023-32980 Severity (CVSS): Medium Affected plugin: email-ext Description: Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This allows attackers to make another user stop watching an attacker-specified job. Email Extension Plugin 2.96.1 requires POST requests for the affected HTTP endpoint. Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin SECURITY-2196 / CVE-2023-32981 Severity (CVSS): Medium Affected plugin: pipeline-utility-steps Description: Pipeline Utility Steps Plugin provides the untar and unzip Pipeline steps to extract archives into job workspaces. Pipeline Utility Steps Plugin 2.15.2 and earlier does not validate or limit file paths of files contained within these archives. This allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. Pipeline Utility Steps Plugin 2.15.3 rejects extraction of files in tar and zip archives that would be placed outside the expected destination directory. Secrets stored and displayed in plain text by Ansible Plugin SECURITY-3017 / CVE-2023-32982 (storage), CVE-2023-32983 (masking) Severity (CVSS): Medium Affected plugin: ansible Description: Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551eb_f and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These extra variables can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these extra variables, increasing the potential for attackers to observe and capture them. Ansible Plugin 205.v4cb_c48657c21 masks extra variables displayed on the configuration form, and stores them encrypted once job configurations are saved again. Stored XSS vulnerability in TestNG Results Plugin SECURITY-3047 / CVE-2023-32984 Severity (CVSS): High Affected plugin: testng-plugin Description: TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file. TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files. Path traversal vulnerability in Sidebar Link Plugin SECURITY-3125 / CVE-2023-32985 Severity (CVSS): Medium Affected plugin: sidebar-link Description: Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. Sidebar Link Plugin 2.2.2 ensures that only files located within the expected userContent/ directory can be accessed. Arbitrary file write vulnerability in File Parameter Plugin SECURITY-3123 / CVE-2023-32986 Severity (CVSS): High Affected plugin: file-parameters Description: File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters. This allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. File Parameter Plugin 285.287.v4b_7b_29d3469d restricts the name (and resulting uploaded file name) of Stashed File Parameters. CSRF vulnerability in Reverse Proxy Auth Plugin SECURITY-3002 / CVE-2023-32987 Severity (CVSS): Medium Affected plugin: reverse-proxy-auth-plugin Description: Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. Reverse Proxy Auth Plugin 1.7.5 requires POST requests for the affected form validation method. Missing permission check in Azure VM Agents Plugin allows enumerating credentials IDs SECURITY-2855 (1) / CVE-2023-32988 Severity (CVSS): Medium Affected plugin: azure-vm-agents Description: Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An enumeration of credentials IDs in Azure VM Agents Plugin 853.v4a_1a_dd947520 requires Overall/Administer permission. CSRF vulnerability and missing permission checks in Azure VM Agents Plugin SECURITY-2855 (2) / CVE-2023-32989 (CSRF), CVE-2023-32990 (missing permission check) Severity (CVSS): Medium Affected plugin: azure-vm-agents Description: Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Azure VM Agents Plugin 853.v4a_1a_dd947520 requires POST requests and the appropriate permissions for the affected HTTP endpoints. CSRF vulnerability and missing permission checks in SAML Single Sign On(SSO) Plugin allow XXE SECURITY-2993 / CVE-2023-32991 (CSRF), CVE-2023-32992 (missing permission check) Severity (CVSS): High Affected plugin: miniorange-saml-sp Description: SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform permission checks in multiple HTTP endpoints. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. SAML Single Sign On(SSO) Plugin 2.1.0 requires POST requests and Overall/ Administer permission for the affected HTTP endpoints. Missing hostname validation in SAML Single Sign On(SSO) Plugin SECURITY-3001 (1) / CVE-2023-32993 Severity (CVSS): Medium Affected plugin: miniorange-saml-sp Description: SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. SAML Single Sign On(SSO) Plugin 2.1.0 performs hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata. SSL/TLS certificate validation unconditionally disabled by SAML Single Sign On (SSO) Plugin SECURITY-3001 (2) / CVE-2023-32994 Severity (CVSS): Medium Affected plugin: miniorange-saml-sp Description: SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/ TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. SAML Single Sign On(SSO) Plugin 2.2.0 performs SSL/TLS certificate validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata. CSRF vulnerability and missing permission check in SAML Single Sign On(SSO) Plugin SECURITY-2994 / CVE-2023-32995 (CSRF), CVE-2023-32996 (missing permission check) Severity (CVSS): Medium Affected plugin: miniorange-saml-sp Description: SAML Single Sign On(SSO) Plugin 2.0.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. SAML Single Sign On(SSO) Plugin 2.0.1 removes the affected HTTP endpoint. Session fixation vulnerability in CAS Plugin SECURITY-3000 / CVE-2023-32997 Severity (CVSS): High Affected plugin: cas-plugin Description: CAS Plugin 1.6.2 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. CAS Plugin 1.6.3 invalidates the existing session on login. CSRF vulnerability and missing permission checks in Code Dx Plugin SECURITY-3118 / CVE-2023-2195 (CSRF), CVE-2023-2631 (missing permission check) Severity (CVSS): Medium Affected plugin: codedx Description: Code Dx Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Code Dx Plugin 4.0.0 requires POST requests and the appropriate permissions for the affected HTTP endpoints. Missing permission checks in Code Dx Plugin SECURITY-3145 / CVE-2023-2196 Severity (CVSS): Medium Affected plugin: codedx Description: Code Dx Plugin 3.1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. Code Dx Plugin 4.0.0 requires Item/Configure permission for this form validation method and ensures that only files located within the workspace can be checked. API keys stored and displayed in plain text by Code Dx Plugin SECURITY-3146 / CVE-2023-2632 (storage), CVE-2023-2633 (masking) Severity (CVSS): Medium Affected plugin: codedx Description: Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these API keys, increasing the potential for attackers to observe and capture them. Code Dx Plugin 4.0.0 no longer stores the API keys directly, instead accessing them through its newly added Credentials Plugin integration. Affected jobs need to be reconfigured. CSRF vulnerability and missing permission check in AppSpider Plugin SECURITY-3121 / CVE-2023-32998 (CSRF), CVE-2023-32999 (missing permission check) Severity (CVSS): Medium Affected plugin: jenkinsci-appspider-plugin Description: AppSpider Plugin 1.0.15 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. AppSpider Plugin 1.0.16 requires POST requests and Overall/Administer permission for the affected form validation method. Credentials displayed without masking by NS-ND Integration Performance Publisher Plugin SECURITY-2962 / CVE-2023-33000 Severity (CVSS): Low Affected plugin: cavisson-ns-nd-integration Description: NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them. NS-ND Integration Performance Publisher Plugin 4.11.0.48 masks credentials displayed on the configuration form. Improper masking of credentials in HashiCorp Vault Plugin SECURITY-3077 / CVE-2023-33001 Severity (CVSS): Medium Affected plugin: hashicorp-vault-plugin Description: HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: o The credentials are printed in build steps executing on an agent (typically inside a node block). o Push mode for durable task logging is enabled. This is a hidden option in Pipeline: Nodes and Processes that can be enabled through the Java system property org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING. It is also automatically enabled by some plugins, e.g., OpenTelemetry and Pipeline Logging over CloudWatch. An improvement in Credentials Binding 523.525.vb_72269281873 implements a workaround that applies build log masking even in affected plugins. This workaround is temporary and potentially incomplete, so it is still recommended that affected plugins be updated to resolve this issue. As of publication of this advisory, there is no fix. Learn why we announce this. Stored XSS vulnerability in TestComplete support Plugin SECURITY-2892 / CVE-2023-33002 Severity (CVSS): High Affected plugin: TestComplete Description: TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this. CSRF vulnerability and missing permission checks in Tag Profiler Plugin SECURITY-3083 / CVE-2023-33003 (CSRF), CVE-2023-33004 (missing permission check) Severity (CVSS): Medium Affected plugin: tag-profiler Description: Tag Profiler Plugin 0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to reset profiler statistics. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix. Learn why we announce this. Session fixation vulnerability in WSO2 Oauth Plugin SECURITY-2991 / CVE-2023-33005 Severity (CVSS): High Affected plugin: wso2id-oauth Description: WSO2 Oauth Plugin 1.0 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. As of publication of this advisory, there is no fix. Learn why we announce this. CSRF vulnerability in WSO2 Oauth Plugin SECURITY-2990 / CVE-2023-33006 Severity (CVSS): Medium Affected plugin: wso2id-oauth Description: WSO2 Oauth Plugin 1.0 and earlier does not implement a state parameter in its OAuth flow, a unique and non-guessable value associated with each authentication request. This vulnerability allows attackers to trick users into logging in to the attacker's account. As of publication of this advisory, there is no fix. Learn why we announce this. Stored XSS vulnerability in LoadComplete support Plugin SECURITY-2903 / CVE-2023-33007 Severity (CVSS): High Affected plugin: loadcomplete Description: LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this. Severity o SECURITY-2196: Medium o SECURITY-2855 (1): Medium o SECURITY-2855 (2): Medium o SECURITY-2892: High o SECURITY-2903: High o SECURITY-2962: Low o SECURITY-2990: Medium o SECURITY-2991: High o SECURITY-2993: High o SECURITY-2994: Medium o SECURITY-3000: High o SECURITY-3001 (1): Medium o SECURITY-3001 (2): Medium o SECURITY-3002: Medium o SECURITY-3017: Medium o SECURITY-3042: High o SECURITY-3046: Medium o SECURITY-3047: High o SECURITY-3077: Medium o SECURITY-3083: Medium o SECURITY-3088 (1): Medium o SECURITY-3088 (2): Medium o SECURITY-3118: Medium o SECURITY-3121: Medium o SECURITY-3123: High o SECURITY-3125: Medium o SECURITY-3145: Medium o SECURITY-3146: Medium Affected Versions o Ansible Plugin up to and including 204.v8191fd551eb_f o AppSpider Plugin up to and including 1.0.15 o Azure VM Agents Plugin up to and including 852.v8d35f0960a_43 o CAS Plugin up to and including 1.6.2 o Code Dx Plugin up to and including 3.1.0 o Email Extension Plugin up to and including 2.96 o File Parameter Plugin up to and including 285.v757c5b_67a_c25 o HashiCorp Vault Plugin up to and including 360.v0a_1c04cf807d o LDAP Plugin up to and including 673.v034ec70ec2b_b_ o LoadComplete support Plugin up to and including 1.0 o NS-ND Integration Performance Publisher Plugin up to and including 4.8.0.149 o Pipeline Utility Steps Plugin up to and including 2.15.2 o Pipeline: Job Plugin up to and including 1292.v27d8cc3e2602 o Reverse Proxy Auth Plugin up to and including 1.7.4 o SAML Single Sign On(SSO) Plugin up to and including 2.0.2 o SAML Single Sign On(SSO) Plugin up to and including 2.1.0 o SAML Single Sign On(SSO) Plugin up to and including 2.0.0 o Sidebar Link Plugin up to and including 2.2.1 o Tag Profiler Plugin up to and including 0.2 o TestComplete support Plugin up to and including 2.8.1 o TestNG Results Plugin up to and including 730.v4c5283037693 o WSO2 Oauth Plugin up to and including 1.0 Fix o Ansible Plugin should be updated to version 205.v4cb_c48657c21 o AppSpider Plugin should be updated to version 1.0.16 o Azure VM Agents Plugin should be updated to version 853.v4a_1a_dd947520 o CAS Plugin should be updated to version 1.6.3 o Code Dx Plugin should be updated to version 4.0.0 o Email Extension Plugin should be updated to version 2.96.1 o File Parameter Plugin should be updated to version 285.287.v4b_7b_29d3469d o LDAP Plugin should be updated to version 676.vfa_64cf6b_b_002 o NS-ND Integration Performance Publisher Plugin should be updated to version 4.11.0.48 o Pipeline Utility Steps Plugin should be updated to version 2.15.3 o Pipeline: Job Plugin should be updated to version 1295.v395eb_7400005 o Reverse Proxy Auth Plugin should be updated to version 1.7.5 o SAML Single Sign On(SSO) Plugin should be updated to version 2.1.0 o SAML Single Sign On(SSO) Plugin should be updated to version 2.2.0 o SAML Single Sign On(SSO) Plugin should be updated to version 2.0.1 o Sidebar Link Plugin should be updated to version 2.2.2 o TestNG Results Plugin should be updated to version 730.732.v959a_3a_a_eb_a_72 These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated. As of publication of this advisory, no fixes are available for the following plugins: o HashiCorp Vault Plugin o LoadComplete support Plugin o Tag Profiler Plugin o TestComplete support Plugin o WSO2 Oauth Plugin Learn why we announce these issues. Credit The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities: o Alvaro Munoz (@pwntester), GitHub Security Lab for SECURITY-3118, SECURITY-3121 o Daniel Beck, CloudBees, Inc. for SECURITY-2962 o Kevin Guerroudj, CloudBees, Inc. for SECURITY-2990, SECURITY-2991, SECURITY-2994, SECURITY-3000, SECURITY-3017, SECURITY-3042, SECURITY-3046, SECURITY-3145 o Kevin Guerroudj, CloudBees, Inc. and Yaroslav Afenkin, CloudBees, Inc. for SECURITY-3002 o Kevin Guerroudj, CloudBees, Inc. and, independently, Alvaro Munoz (@pwntester), GitHub Security Lab for SECURITY-2993 o Tony Torralba (@atorralba), GitHub Security Lab for SECURITY-3123, SECURITY-3125 o Trung Pham, and, independently, Tony Torralba (@atorralba), GitHub Security Lab for SECURITY-2196 o Valdes Che Zogou for SECURITY-3047 o Valdes Che Zogou, CloudBees, Inc. for SECURITY-2855 (1), SECURITY-2855 (2), SECURITY-2892 o Yaroslav Afenkin, CloudBees, Inc. for SECURITY-2903, SECURITY-3001 (1), SECURITY-3001 (2), SECURITY-3083, SECURITY-3146 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZGXNZMkNZI30y1K9AQjMIhAAnrV2cJuonn71Z8TAX4FDg1K9Hcb1MAT/ GBSInLJs9+c0pJTFqfM//od5iNcziep2VpqiGWQx3UGzL/WM0piWe4uDumOKb1Ju mwB3ME733igFPVZ47YOkIiF1AT64ZeLaMb3ezPfbMl9jUf+qYB9lkNym+dCWOMhx 1qOKKd7NGt5ISrmq9C70vgsLz74x6QcxqbZTnV3AV/76NPqhJLJ4MSNUEeBSC8A0 nLyVzPO3beP92/ZKnLasHy12ps092PP3jPzxag3v67BCYnbFBddR2ifSXZQRuX5s d67EMxUDcVpub1NfJf64MVm20ZHO7YoNGXchJZNQrJa6F87pS02V30Iu2sE2Kolr mv97Cy+6Y10aK3trYinxXXXCC7AKobXYq6LuzRASmG/Z4Jk/9n43+Dlp5Ri1Gj28 nhTRQrNSrNypOkNeNNgJZ2IEp36dfTOi+GoagSuZUpABSyrl9Rbh3mmcBrBF9rYL HvLKcoevWIApinYbIxd+b2GCEZ7JtSAVt5jZWPn+1cdT05efbGIbpHwOcp/Qg4DQ BJaoaYx+vWrOT4t6lEr0BQGhO9KQkPkfg+7laTkxFB0NYy2O+FYD3rpZ3Wjzb8Am 8u4PKZ9u01uh6DfLTNiGps8ao2Rc9Z/1GGSmlUS49AtW0blmMwp2fHQLDco6jR+H W2oTsufMsFg= =8bXE -----END PGP SIGNATURE-----