copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
Security Bul...
»
AusCERT Exte...
» ESB-2013.0636 - [Win][Linux][HP-UX][Solaris][AIX] IB...
ESB-2013.0636 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere Message Broker: Multiple vulnerabilities
Date:
06 May 2013
References
:
ASB-2013.0013
ASB-2013.0025
ASB-2013.0034
ESB-2013.0496
ESB-2013.0546
ESB-2013.0548
ESB-2013.0601
ESB-2013.0629
ESB-2013.0634
ESB-2013.0642
ESB-2013.0648
ESB-2013.0652
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0636 IBM WebSphere Message Broker Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 6 6 May 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM WebSphere Message Broker Publisher: IBM Operating System: AIX Linux variants HP-UX Solaris Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Overwrite Arbitrary Files -- Remote/Unauthenticated Delete Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-1493 CVE-2013-1487 CVE-2013-1486 CVE-2013-1481 CVE-2013-1480 CVE-2013-1478 CVE-2013-1476 CVE-2013-1475 CVE-2013-1473 CVE-2013-0809 CVE-2013-0450 CVE-2013-0446 CVE-2013-0445 CVE-2013-0443 CVE-2013-0442 CVE-2013-0441 CVE-2013-0440 CVE-2013-0438 CVE-2013-0435 CVE-2013-0434 CVE-2013-0433 CVE-2013-0432 CVE-2013-0428 CVE-2013-0427 CVE-2013-0426 CVE-2013-0425 CVE-2013-0424 CVE-2013-0423 CVE-2013-0419 CVE-2013-0409 CVE-2013-0351 CVE-2012-3342 CVE-2012-3213 CVE-2012-1541 Reference: ASB-2013.0034 ASB-2013.0025 ASB-2013.0013 ESB-2013.0634 ESB-2013.0629 ESB-2013.0601 ESB-2013.0548 ESB-2013.0546 ESB-2013.0496 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635160 - --------------------------BEGIN INCLUDED TEXT-------------------- IBM WebSphere Message Broker Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 6 Flash (Alert) Document information WebSphere Message Broker Broker Software version: 6.1, 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.0.5, 8.0, 8.0.0.1, 8.0.0.2 Operating system(s): AIX, HP-UX on Itanium, HP-UX on PA-RISC, Linux, Linux SUSE - pSeries, Linux SUSE - xSeries, Linux SUSE - zSeries, Linux SUSE -zSeries, Linux pSeries, Solaris, Windows Reference #: 1635160 Modified date: 2013-05-02 Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR15 (and earlier) and IBM JRE 6.0 SR12 (and earlier) Content VULNERABILITY DETAILS CVE ID: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493 DESCRIPTION: There are multiple security vulnerabilities in the IBM Java Runtime Environment component of IBM WebSphere Message Broker. All are applicable to both IBM JRE 5.0 and IBM JRE 6.0 except where indicated. CVE-2012-1541 (CVSS 10) - IBM JRE 6.0 only CVE-2012-3213 (CVSS 10) - IBM JRE 6.0 only CVE-2012-3342 (CVSS 10) - IBM JRE 6.0 only CVE-2013-0351 (CVSS 7.5) - IBM JRE 6.0 only CVE-2013-0409 (CVSS 5) CVE-2013-0419 (CVSS 7.6) CVE-2013-0423 (CVSS 7.6) - IBM JRE 6.0 only CVE-2013-0424 (CVSS 5) CVE-2013-0425 (CVSS 10) CVE-2013-0426 (CVSS 10) CVE-2013-0427 (CVSS 5) CVE-2013-0428 (CVSS 10) CVE-2013-0432 (CVSS 6.4) CVE-2013-0433 (CVSS 5) CVE-2013-0434 (CVSS 5) CVE-2013-0435 (CVSS 5) - IBM JRE 6.0 only CVE-2013-0438 (CVSS 4.3) - IBM JRE 6.0 only CVE-2013-0440 (CVSS 5) CVE-2013-0441 (CVSS 10) - IBM JRE 6.0 only CVE-2013-0442 (CVSS 10) CVE-2013-0443 (CVSS 4) CVE-2013-0445 (CVSS 10) CVE-2013-0446 (CVSS 10) - IBM JRE 6.0 only CVE-2013-0450 (CVSS 10) CVE-2013-0809 (CVSS 10) CVE-2013-1473 (CVSS 5) - IBM JRE 6.0 only CVE-2013-1475 (CVSS 10) CVE-2013-1476 (CVSS 10) CVE-2013-1478 (CVSS 10) CVE-2013-1480 (CVSS 10) CVE-2013-1481 (CVSS 10) CVE-2013-1486 (CVSS 10) CVE-2013-1487 (CVSS 10) - IBM JRE 6.0 only CVE-2013-1493 (CVSS 10) CVSS: CVEID: CVE-2012-1541 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81761 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2012-3213 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81769 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2012-3342 CVSS Base Score: 10 CVSS Temporal Score: see http://xforce.iss.net/xforce/xfdb/78334 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0351 CVSS Base Score: 7.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81786 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVEID: CVE-2013-0409 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81793 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-0419 CVSS Base Score: 7.6 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81783 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0423 CVSS Base Score: 7.6 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81784 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0424 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81798 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-0425 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81766 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0426 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81767 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0427 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81795 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-0428 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81768 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0432 CVSS Base Score: 6.4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81788 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N) CVEID: CVE-2013-0433 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81797 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-0434 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81792 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-0435 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81791 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-0438 CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81800 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVEID: CVE-2013-0440 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVEID: CVE-2013-0441 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81758 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0442 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81755 CVSS Environmental Score*: Undefined CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0443 CVSS Base Score: 4 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) CVEID: CVE-2013-0445 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81756 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0446 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81762 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0450 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81764 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-0809 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82515 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1473 CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81790 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVEID: CVE-2013-1475 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81759 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1476 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81760 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1478 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81754 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1480 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81757 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1481 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81770 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1486 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82178 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1487 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82177 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVEID: CVE-2013-1493 CVSS Base Score: 10 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82514 CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. AFFECTED PLATFORMS: IBM WebSphere Message Broker V8.0.0.2, V7.0.0.5 and V6.1.0.11 are affected on all platforms. However, no version of IBM WebSphere Message Broker for z/OS is affected REMEDIATION: None known FIX For IBM WebSphere Message Broker V6.1.0.11 an interim fix for APAR IC90633 is available from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IC90633 APAR IC90633 is targetted for availability in IBM WebSphere Message Broker V6.1.0.12 For IBM WebSphere Message Broker V7.0.0.5 and V8.0.0.2 an interim fix for APAR IC90634 is available from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IC90634 APAR IC90634 is targetted for availability in IBM WebSphere Message Broker V7.0.0.6 and IBM WebSphere Message Broker V8.0.0.3 Mitigation None known REFERENCES: Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html) On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2) CVE-2012-1541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1541 http://xforce.iss.net/xforce/xfdb/81761 CVE-2012-3213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3213 http://xforce.iss.net/xforce/xfdb/81769 CVE-2012-3342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3342 http://xforce.iss.net/xforce/xfdb/78334 CVE-2013-0351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0351 http://xforce.iss.net/xforce/xfdb/81786 CVE-2013-0409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0409 http://xforce.iss.net/xforce/xfdb/81793 CVE-2013-0419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0419 http://xforce.iss.net/xforce/xfdb/81783 CVE-2013-0423 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0423 http://xforce.iss.net/xforce/xfdb/81784 CVE-2013-0424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424 http://xforce.iss.net/xforce/xfdb/81798 CVE-2013-0425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425 http://xforce.iss.net/xforce/xfdb/81766 CVE-2013-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426 http://xforce.iss.net/xforce/xfdb/81767 CVE-2013-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427 http://xforce.iss.net/xforce/xfdb/81795 CVE-2013-0428 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428 http://xforce.iss.net/xforce/xfdb/81768 CVE-2013-0432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432 http://xforce.iss.net/xforce/xfdb/81788 CVE-2013-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433 http://xforce.iss.net/xforce/xfdb/81797 CVE-2013-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434 http://xforce.iss.net/xforce/xfdb/81792 CVE-2013-0435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435 http://xforce.iss.net/xforce/xfdb/81791 CVE-2013-0438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0438 http://xforce.iss.net/xforce/xfdb/81800 CVE-2013-0440 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440 http://xforce.iss.net/xforce/xfdb/81799 CVE-2013-0441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0441 http://xforce.iss.net/xforce/xfdb/81758 CVE-2013-0442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442 http://xforce.iss.net/xforce/xfdb/81755 CVE-2013-0443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0443 http://xforce.iss.net/xforce/xfdb/81801 CVE-2013-0445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0445 http://xforce.iss.net/xforce/xfdb/81756 CVE-2013-0446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0446 http://xforce.iss.net/xforce/xfdb/81762 CVE-2013-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450 http://xforce.iss.net/xforce/xfdb/81764 CVE-2013-0809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0809 http://xforce.iss.net/xforce/xfdb/82515 CVE-2013-1473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1473 http://xforce.iss.net/xforce/xfdb/81790 CVE-2013-1475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475 http://xforce.iss.net/xforce/xfdb/81759 CVE-2013-1476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476 http://xforce.iss.net/xforce/xfdb/81760 CVE-2013-1478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478 http://xforce.iss.net/xforce/xfdb/81754 CVE-2013-1480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480 http://xforce.iss.net/xforce/xfdb/81757 CVE-2013-1481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1481 http://xforce.iss.net/xforce/xfdb/81770 CVE-2013-1486 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1486 http://xforce.iss.net/xforce/xfdb/82178 CVE-2013-1487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1487 http://xforce.iss.net/xforce/xfdb/82177 CVE-2013-1493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1493 http://xforce.iss.net/xforce/xfdb/82514 CHANGE HISTORY: 02/05/2013: Original Copy Published Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUYci6e4yVqjM2NGpAQLaYQ/7BfcJpEBkUbEAocd2mhaUA2vrvSK/Z/IE xNJE2AQ4rQz6Q4hKjtQTLX6AuHrPDbD/LuHXIatrjlYuTL0W0T/qPUsTUzK6fFbX JcpYUDJWKOatZOSOl1DbX5PhcDcUbPxt+3wjQuCgJ2WDAclUIRZWFlzb02FR+usG aOQb2/KcupT5eGlsHXdgDGQ/Y8tF+e4O7PilhQY5VXU6GC3udMbJ0d66axU2rnMI oA708vHIyNXSinrpvi0O8DfEDWWLZV3GGmoAWpO3H66W6dh+N56McwzIRTjAMf2Q qN9AYC08QSX1TSiGVg5G/NzrtCic4Q4/NegZYhn3eA+P5zWZMWZqXwr8yyDrZi/d S4YI5IhBtIsZLGDVkaIq3nv2O+dRgC4q/nAW+V4BzgCT+u3KfJuXy5U4vqxBNFV6 uB8oln+USffHYSsAxHAE2pXDtNorsZPDO+hn+zRMf3VrgP5YGmNY4Y+YC6frofgZ I+UkAqHg0MBHuL76fMBB/dqNAbzfDRkznVdLqo0KfEJ7htno7gj+AW9erjB1Zc2Q KMLz9gjmHGR0IgMNMYwThkvFmhs6mpTEsuS4qYRARXgtHqAeYBH+CfJSZQlIcIKS LPRyc/IrlH31H0tpwyDoZBN4Qbb7oCDzKpR800fAbJrjyhLVYyFcDeceYu6yQOm8 I+708+P1BaA= =LI8m -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=1980&it=17495