===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2024.1334
   PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
                               1 March 2024

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PAN-OS
Publisher:         Palo Alto Networks
Operating System:  Network Appliance
Resolution:        None
CVE Names:         CVE-2023-1829 CVE-2023-42753 CVE-2023-4623
                   CVE-2023-0386 CVE-2023-45284 CVE-2023-45283
                   CVE-2022-0847 CVE-2022-2588 CVE-2023-45871
                   CVE-2022-22817 CVE-2022-30634 CVE-2022-29804
                   CVE-2023-5633 CVE-2023-4622 CVE-2023-4208
                   CVE-2023-4207 CVE-2023-4206 CVE-2020-25717
                   CVE-2021-20325 CVE-2023-35001 CVE-2023-6546
                   CVE-2022-41222 CVE-2023-34059 CVE-2023-34058
                   CVE-2021-4083 CVE-2021-33034 CVE-2021-32399
                   CVE-2022-45199 CVE-2021-27365 CVE-2021-27364
                   CVE-2022-1729 CVE-2021-33909 CVE-2021-33910
                   CVE-2022-38023 CVE-2022-31676 CVE-2022-2639
                   CVE-2022-2526 CVE-2021-37576 CVE-2021-22543
                   CVE-2021-43267 CVE-2021-22555 CVE-2022-25636
                   CVE-2023-3776 CVE-2023-0461 CVE-2023-23931
                   CVE-2023-5178 CVE-2022-31628 CVE-2021-44790
                   CVE-2023-4004 CVE-2021-26708 CVE-2023-35788
                   CVE-2023-38408 CVE-2022-22942 CVE-2022-0330
                   CVE-2021-3609 CVE-2020-12362 CVE-2023-40217
                   CVE-2022-31626 CVE-2022-31625 CVE-2021-25217
                   CVE-2020-36385 CVE-2022-0185 CVE-2021-4155
                   CVE-2021-4154 CVE-2021-3501 CVE-2023-3390
                   CVE-2022-2964 CVE-2023-4921 CVE-2023-3090
                   CVE-2020-25211 CVE-2017-18342 CVE-2020-13757
                   CVE-2022-29217 CVE-2023-2235 CVE-2022-32250
                   CVE-2022-40897 CVE-2022-1158 CVE-2023-51781
                   CVE-2023-46324 CVE-2021-0920 CVE-2023-6817
                   CVE-2023-1281 CVE-2023-3812 CVE-2021-3347
                   CVE-2022-42898 CVE-2022-41716 CVE-2020-12321
                   CVE-2021-21708 CVE-2023-3611 CVE-2023-3609
                   CVE-2022-45198 CVE-2017-8923 CVE-2021-0512
                   CVE-2022-0492 CVE-2022-37454 CVE-2023-32233
                   CVE-2017-9120 CVE-2021-21706 CVE-2023-31436
                   CVE-2023-25690 CVE-2022-4378 CVE-2022-4139
                   CVE-2023-20900 CVE-2021-4028 CVE-2022-0516
                   CVE-2020-29661 CVE-2020-0466 CVE-2022-27666

Original Bulletin:
   https://securityadvisories.paloaltonetworks.com/PAN-SA-2024-0001

Comment: CVSS (Max):  9.8 CVE-2023-5178 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Google Inc., [NIST], Internet Systems Consortium (ISC), VMware, Microsoft Corporation
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

         The following are listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog:
         CISA KEV CVE(s): CVE-2022-0847 CVE-2021-0920
         CISA KEV URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

         *Palo Alto classifies this bulletin as 'Informational' and notes:
         "While PAN-OS software may include the affected OSS package, PAN-OS
         does not offer any scenarios required for an attacker to successfully
         exploit these vulnerabilities and is not impacted."

--------------------------BEGIN INCLUDED TEXT--------------------

Palo Alto Networks Security Advisories / PAN-SA-2024-0001

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS

Severity:  Informational
Published: 2024-02-14

Description

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the affected OSS package, PAN-OS does not offer any scenarios required for an attacker to successfully exploit these vulnerabilities and is not impacted.

CVE             Summary

CVE-2017-8923   This issue is practical to exploit only when the memory limit is raised from its default to a value larger than 2 GiB. PAN-OS limits it to 128MB.
CVE-2017-9120   This only impacts PHP scripts calling mysqli_real_escape_string(). PAN-OS does not make use of this function.
CVE-2017-18342  Prerequisites for exploiting the vulnerable function do not exist on PAN-OS.
CVE-2020-0466   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-12321  This only impacts some Intel Wireless Bluetooth devices, which are not part of any products.
CVE-2020-12362  This only impacts Intel(R) Graphics Drivers for Windows. Does not affect PAN-OS.
CVE-2020-13757  The vulnerable API isn't used in PAN-OS.
CVE-2020-25211  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-25717  Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE cannot be exploited on PAN-OS.
CVE-2020-29661  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2020-36385  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0512   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-0920   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3347   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3501   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-3609   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4028   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4083   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4154   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-4155   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-20325  The affected components are not present or not used in PAN-OS.
CVE-2021-21706  This is a Windows-specific vulnerability, and does not impact PAN-OS.
CVE-2021-21708  This only affects PHP scripts that use FILTER_VALIDATE_FLOAT. PAN-OS does not make use of this function.
CVE-2021-22543  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-22555  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-25217  Prerequisites for this CVE do not exist on PAN-OS.
CVE-2021-26708  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-27364  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-27365  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-32399  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33034  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33909  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-33910  The vulnerable systemd software is not included in PAN-OS.
CVE-2021-37576  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2021-43267  The affected functionality does not exist in the kernel version used by PAN-OS.
CVE-2021-44790  PAN-OS does not use the vulnerable mod_lua or proxy forwarding.
CVE-2022-0185   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0330   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0492   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0516   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-0847   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1158   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-1729   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2526   The vulnerable systemd software is not included in PAN-OS.
CVE-2022-2588   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2639   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-2964   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4139   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-4378   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-22817  PAN-OS does not make use of the ImageMath module. Therefore, its eval() method is never called.
CVE-2022-22942  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-25636  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-27666  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-29217  The vulnerable package is not used in PAN-OS.
CVE-2022-29804  The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-30634  The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-31625  PAN-OS does not use the affected PostgreSQL extension.
CVE-2022-31626  PAN-OS does not make use of the vulnerable PHP PDO MySQL driver and hence is not impacted.
CVE-2022-31628  PAN-OS does not make use of the vulnerable phar functionality.
CVE-2022-31676  There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2022-32250  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-37454  This issue is practical to exploit only when the memory limit is raised from its default to a value larger than 4 GiB. PAN-OS has safer and restricted limits that do not enable exploiting this vulnerability.
CVE-2022-38023  Though PAN-OS software contains Samba packages, there isn't a Samba file and print server that runs in PAN-OS software. This CVE cannot be exploited on PAN-OS.
CVE-2022-40897  PAN-OS does not allow customers to install custom packages.
CVE-2022-41222  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2022-41716  The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2022-42898  The vulnerable function/feature krb5_pac_parse() is not called from PAN-OS.
CVE-2022-45198  The GIF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable.
CVE-2022-45199  The TIFF images that are processed come with PAN-OS and cannot be submitted through any form of user input, so this is not exploitable.
CVE-2023-0386   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-0461   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1281   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-1829   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-2235   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3090   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3390   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3609   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3611   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3776   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-3812   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4004   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4206   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4207   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4208   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4622   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4623   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-4921   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-5178   The affected kernel component is not used by PAN-OS.
CVE-2023-5633   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-6546   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-6817   Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-20900  There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-23931  The vulnerable functions/features are not used in PAN-OS. Prerequisites for this CVE do not exist on PAN-OS.
CVE-2023-25690  PAN-OS does not use the vulnerable component mod_proxy or mod_rewrite.
CVE-2023-31436  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-32233  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-34058  There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-34059  There are no scenarios that enable successful exploitation of this vulnerability on PAN-OS.
CVE-2023-35001  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-35788  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-38408  This issue affects ssh-agent, which is not used or enabled in PAN-OS.
CVE-2023-40217  The vulnerable Python features are not used in PAN-OS.
CVE-2023-42753  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-45283  The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2023-45284  The CVE is specific to the Go distribution on Windows. Does not apply to PAN-OS.
CVE-2023-45871  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.
CVE-2023-46324  The affected component is not used in PAN-OS.
CVE-2023-51781  Exploit requires shell access on PAN-OS, or ability to run arbitrary binaries. This is not possible on PAN-OS as only Palo Alto Networks' signed binaries and scripts can be run. System enters maintenance mode if system files are tampered with.

Product Status

Versions  Affected  Unaffected
PAN-OS    None      All

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.

Solution

No software updates are required at this time.

(C) 2024 Palo Alto Networks, Inc. All rights reserved.

--------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================