Date: 06 May 2013
References: ASB-2013.0013 ASB-2013.0025 ASB-2013.0034 ESB-2013.0496 ESB-2013.0546 ESB-2013.0548 ESB-2013.0601 ESB-2013.0629 ESB-2013.0634 ESB-2013.0642
ESB-2013.0648 ESB-2013.0652
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0636
IBM WebSphere Message Broker Security Vulnerability:
Multiple security vulnerabilities in IBM JREs 5 & 6
6 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM WebSphere Message Broker
Publisher: IBM
Operating System: AIX
Linux variants
HP-UX
Solaris
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Overwrite Arbitrary Files -- Remote/Unauthenticated
Delete Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1493 CVE-2013-1487 CVE-2013-1486
CVE-2013-1481 CVE-2013-1480 CVE-2013-1478
CVE-2013-1476 CVE-2013-1475 CVE-2013-1473
CVE-2013-0809 CVE-2013-0450 CVE-2013-0446
CVE-2013-0445 CVE-2013-0443 CVE-2013-0442
CVE-2013-0441 CVE-2013-0440 CVE-2013-0438
CVE-2013-0435 CVE-2013-0434 CVE-2013-0433
CVE-2013-0432 CVE-2013-0428 CVE-2013-0427
CVE-2013-0426 CVE-2013-0425 CVE-2013-0424
CVE-2013-0423 CVE-2013-0419 CVE-2013-0409
CVE-2013-0351 CVE-2012-3342 CVE-2012-3213
CVE-2012-1541
Reference: ASB-2013.0034
ASB-2013.0025
ASB-2013.0013
ESB-2013.0634
ESB-2013.0629
ESB-2013.0601
ESB-2013.0548
ESB-2013.0546
ESB-2013.0496
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21635160
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM WebSphere Message Broker Security Vulnerability: Multiple security
vulnerabilities in IBM JREs 5 & 6
Flash (Alert)
Document information
WebSphere Message Broker
Broker
Software version:
6.1, 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.0.5, 8.0, 8.0.0.1, 8.0.0.2
Operating system(s):
AIX, HP-UX on Itanium, HP-UX on PA-RISC, Linux, Linux SUSE - pSeries,
Linux SUSE - xSeries, Linux SUSE - zSeries, Linux SUSE -zSeries, Linux pSeries,
Solaris, Windows
Reference #:
1635160
Modified date:
2013-05-02
Abstract
Multiple security vulnerabilities exist in the IBM Java Runtime Environment
component of WebSphere Message Broker for IBM JRE 5.0 SR15 (and earlier) and
IBM JRE 6.0 SR12 (and earlier)
Content
VULNERABILITY DETAILS
CVE ID:
CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,
CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434,
CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442,
CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809,
CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,
CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493
DESCRIPTION:
There are multiple security vulnerabilities in the IBM Java Runtime Environment
component of IBM WebSphere Message Broker. All are applicable to both IBM JRE
5.0 and IBM JRE 6.0 except where indicated.
CVE-2012-1541 (CVSS 10) - IBM JRE 6.0 only
CVE-2012-3213 (CVSS 10) - IBM JRE 6.0 only
CVE-2012-3342 (CVSS 10) - IBM JRE 6.0 only
CVE-2013-0351 (CVSS 7.5) - IBM JRE 6.0 only
CVE-2013-0409 (CVSS 5)
CVE-2013-0419 (CVSS 7.6)
CVE-2013-0423 (CVSS 7.6) - IBM JRE 6.0 only
CVE-2013-0424 (CVSS 5)
CVE-2013-0425 (CVSS 10)
CVE-2013-0426 (CVSS 10)
CVE-2013-0427 (CVSS 5)
CVE-2013-0428 (CVSS 10)
CVE-2013-0432 (CVSS 6.4)
CVE-2013-0433 (CVSS 5)
CVE-2013-0434 (CVSS 5)
CVE-2013-0435 (CVSS 5) - IBM JRE 6.0 only
CVE-2013-0438 (CVSS 4.3) - IBM JRE 6.0 only
CVE-2013-0440 (CVSS 5)
CVE-2013-0441 (CVSS 10) - IBM JRE 6.0 only
CVE-2013-0442 (CVSS 10)
CVE-2013-0443 (CVSS 4)
CVE-2013-0445 (CVSS 10)
CVE-2013-0446 (CVSS 10) - IBM JRE 6.0 only
CVE-2013-0450 (CVSS 10)
CVE-2013-0809 (CVSS 10)
CVE-2013-1473 (CVSS 5) - IBM JRE 6.0 only
CVE-2013-1475 (CVSS 10)
CVE-2013-1476 (CVSS 10)
CVE-2013-1478 (CVSS 10)
CVE-2013-1480 (CVSS 10)
CVE-2013-1481 (CVSS 10)
CVE-2013-1486 (CVSS 10)
CVE-2013-1487 (CVSS 10) - IBM JRE 6.0 only
CVE-2013-1493 (CVSS 10)
CVSS:
CVEID: CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-3342
CVSS Base Score: 10
CVSS Temporal Score: see http://xforce.iss.net/xforce/xfdb/78334
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVEID: CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81758
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82515
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82514
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
AFFECTED PLATFORMS:
IBM WebSphere Message Broker V8.0.0.2, V7.0.0.5 and V6.1.0.11 are affected on
all platforms. However, no version of IBM WebSphere Message Broker for z/OS is
affected
REMEDIATION:
None known
FIX
For IBM WebSphere Message Broker V6.1.0.11 an interim fix for APAR IC90633 is
available from IBM Fix Central:
http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IC90633
APAR IC90633 is targetted for availability in IBM WebSphere Message Broker
V6.1.0.12
For IBM WebSphere Message Broker V7.0.0.5 and V8.0.0.2 an interim fix for APAR
IC90634 is available from IBM Fix Central:
http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IC90634
APAR IC90634 is targetted for availability in IBM WebSphere Message Broker
V7.0.0.6 and IBM WebSphere Message Broker V8.0.0.3
Mitigation
None known
REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
CVE-2012-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1541
http://xforce.iss.net/xforce/xfdb/81761
CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3213
http://xforce.iss.net/xforce/xfdb/81769
CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3342
http://xforce.iss.net/xforce/xfdb/78334
CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0351
http://xforce.iss.net/xforce/xfdb/81786
CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0409
http://xforce.iss.net/xforce/xfdb/81793
CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0419
http://xforce.iss.net/xforce/xfdb/81783
CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0423
http://xforce.iss.net/xforce/xfdb/81784
CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424
http://xforce.iss.net/xforce/xfdb/81798
CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425
http://xforce.iss.net/xforce/xfdb/81766
CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426
http://xforce.iss.net/xforce/xfdb/81767
CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427
http://xforce.iss.net/xforce/xfdb/81795
CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428
http://xforce.iss.net/xforce/xfdb/81768
CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432
http://xforce.iss.net/xforce/xfdb/81788
CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433
http://xforce.iss.net/xforce/xfdb/81797
CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434
http://xforce.iss.net/xforce/xfdb/81792
CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435
http://xforce.iss.net/xforce/xfdb/81791
CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0438
http://xforce.iss.net/xforce/xfdb/81800
CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440
http://xforce.iss.net/xforce/xfdb/81799
CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0441
http://xforce.iss.net/xforce/xfdb/81758
CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442
http://xforce.iss.net/xforce/xfdb/81755
CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0443
http://xforce.iss.net/xforce/xfdb/81801
CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0445
http://xforce.iss.net/xforce/xfdb/81756
CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0446
http://xforce.iss.net/xforce/xfdb/81762
CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450
http://xforce.iss.net/xforce/xfdb/81764
CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0809
http://xforce.iss.net/xforce/xfdb/82515
CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1473
http://xforce.iss.net/xforce/xfdb/81790
CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475
http://xforce.iss.net/xforce/xfdb/81759
CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476
http://xforce.iss.net/xforce/xfdb/81760
CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478
http://xforce.iss.net/xforce/xfdb/81754
CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480
http://xforce.iss.net/xforce/xfdb/81757
CVE-2013-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1481
http://xforce.iss.net/xforce/xfdb/81770
CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1486
http://xforce.iss.net/xforce/xfdb/82178
CVE-2013-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1487
http://xforce.iss.net/xforce/xfdb/82177
CVE-2013-1493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1493
http://xforce.iss.net/xforce/xfdb/82514
CHANGE HISTORY:
02/05/2013: Original Copy Published
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUYci6e4yVqjM2NGpAQLaYQ/7BfcJpEBkUbEAocd2mhaUA2vrvSK/Z/IE
xNJE2AQ4rQz6Q4hKjtQTLX6AuHrPDbD/LuHXIatrjlYuTL0W0T/qPUsTUzK6fFbX
JcpYUDJWKOatZOSOl1DbX5PhcDcUbPxt+3wjQuCgJ2WDAclUIRZWFlzb02FR+usG
aOQb2/KcupT5eGlsHXdgDGQ/Y8tF+e4O7PilhQY5VXU6GC3udMbJ0d66axU2rnMI
oA708vHIyNXSinrpvi0O8DfEDWWLZV3GGmoAWpO3H66W6dh+N56McwzIRTjAMf2Q
qN9AYC08QSX1TSiGVg5G/NzrtCic4Q4/NegZYhn3eA+P5zWZMWZqXwr8yyDrZi/d
S4YI5IhBtIsZLGDVkaIq3nv2O+dRgC4q/nAW+V4BzgCT+u3KfJuXy5U4vqxBNFV6
uB8oln+USffHYSsAxHAE2pXDtNorsZPDO+hn+zRMf3VrgP5YGmNY4Y+YC6frofgZ
I+UkAqHg0MBHuL76fMBB/dqNAbzfDRkznVdLqo0KfEJ7htno7gj+AW9erjB1Zc2Q
KMLz9gjmHGR0IgMNMYwThkvFmhs6mpTEsuS4qYRARXgtHqAeYBH+CfJSZQlIcIKS
LPRyc/IrlH31H0tpwyDoZBN4Qbb7oCDzKpR800fAbJrjyhLVYyFcDeceYu6yQOm8
I+708+P1BaA=
=LI8m
-----END PGP SIGNATURE-----
|