ESB-2018.2675.2 - UPDATE [Linux] IBM Security Guardium: Multiple vulnerabilities 2018-09-11

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2018.2675.2
                   IBM Security Guardium vulnerabilities
                             11 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Guardium
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise        -- Remote with User Interaction
                   Increased Privileges   -- Remote/Unauthenticated      
                   Access Privileged Data -- Remote/Unauthenticated      
                   Modify Arbitrary Files -- Remote/Unauthenticated      
                   Delete Arbitrary Files -- Remote/Unauthenticated      
                   Denial of Service      -- Remote/Unauthenticated      
                   Create Arbitrary Files -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5382 CVE-2018-2678 CVE-2018-2677
                   CVE-2018-2663 CVE-2018-2657 CVE-2018-2641
                   CVE-2018-2639 CVE-2018-2638 CVE-2018-2637
                   CVE-2018-2634 CVE-2018-2633 CVE-2018-2629
                   CVE-2018-2618 CVE-2018-2603 CVE-2018-2602
                   CVE-2018-2599 CVE-2018-2588 CVE-2018-2582
                   CVE-2018-2579 CVE-2018-1417 CVE-2017-13098
                   CVE-2017-1272  

Reference:         ASB-2018.0024
                   ESB-2018.2516
                   ESB-2018.2480
                   ESB-2018.2461

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22016006
   http://www.ibm.com/support/docview.wss?uid=swg22015896
   http://www.ibm.com/support/docview.wss?uid=ibm10730661
   http://www.ibm.com/support/docview.wss?uid=swg22016292

Comment: This bulletin contains four (4) IBM security advisories.

Revision History:  September 11 2018: Update from vendor re Security Guardium - Document Reference 2015896
                   September  7 2018: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle
vulnerability

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.0, 9.1, 9.5

Operating system(s): Linux

Reference #: 2016006

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-5382
DESCRIPTION: Bouncy Castle could allow a local attacker to obtain sensitive
information, caused by an error in the BKS version 1 keystore files. By
utilizing an HMAC that is only 16 bits long for the MAC key size, an attacker
could exploit this vulnerability using brute-force techniques to crack a BKS-V1
keystore file in seconds and gain access to the keystore contents.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
140465 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |9.0-9.5          |
+---------------------------------+-----------------+

Remediation/Fixes

+---------------------+---------------+--------------------------------------------------+
|       Product       |     VRMF      |             Remediation / First Fix              |
+---------------------+---------------+--------------------------------------------------+
|                     |               |http://www.ibm.com/support/fixcentral/swg/        |
|                     |               |quickorder-parent=IBM%20Security&product=ibm/     |
|IBM Security Guardium|9.0 - 9.5      |Information+Management/InfoSphere+Guardium&release|
|                     |               |=9.0&platform=All&function=fixId&fixids=          |
|                     |               |SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit& |
|                     |               |includeSupersedes=0&source=fc                     |
+---------------------+---------------+--------------------------------------------------+

Workarounds and Mitigations

None

Change History

Sept 06, 2018: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by a Public disclosed
vulnerability from Bouncy Castle

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.0 - 9.5

Operating system(s): Linux

Reference #: 2016292

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2017-13098
DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive
information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher)
attack. By utilizing discrepancies in TLS error messages, an attacker could
exploit this vulnerability to obtain the data in the encrypted messages once
the TLS session has completed. Note: This vulnerability is also known as the
ROBOT attack.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
136241 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |9.0 - 9.5        |
+---------------------------------+-----------------+

Remediation/Fixes

+---------------------+---------------+------------------------------------------------+
|       Product       |     VRMF      |            Remediation / First Fix             |
+---------------------+---------------+------------------------------------------------+
|                     |               |http://www.ibm.com/support/fixcentral/swg/      |
|                     |               |quickorder-parent=IBM%20Security&product=ibm/   |
|IBM Security Guardium|9.0 - 9.5      |Information+Management/InfoSphere+Guardium&     |
|                     |               |release=9.0&platform=All&function=fixId&fixids= |
|                     |               |SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit|
|                     |               |&includeSupersedes=0&source=fc                  |
+---------------------+---------------+------------------------------------------------+

Workarounds and Mitigations

None

Change History

Sept 06, 2018: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by a Query Parameter in
SSL Request vulnerability

Security Bulletin

Document information

More support for: IBM Security Guardium

Software version: 9.5

Operating system(s): Linux

Reference #: 0730661

Modified date: 06 September 2018

Summary

IBM Security Guardium has addressed the following vulnerability.


Vulnerability Details

CVEID: CVE-2017-1272
DESCRIPTION: IBM Security Guardium stores sensitive information in URL
parameters. This may lead to information disclosure if unauthorized parties
have access to the URLs via server logs, referrer header or browser history.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
124747 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+--------------------------------------------+-----------------+
|       Affected IBM Security Guardium       |Affected Versions|
+--------------------------------------------+-----------------+
|IBM Security Guardium                       |9.5              |
+--------------------------------------------+-----------------+

Remediation/Fixes

+---------------------+---------------+------------------------------------------------+
|       Product       |     VRMF      |            Remediation / First Fix             |
+---------------------+---------------+------------------------------------------------+
|                     |               |http://www.ibm.com/support/fixcentral/swg/      |
|                     |               |quickorder-parent=IBM%20Security&product=ibm/   |
|IBM Security Guardium|9.5            |Information+Management/InfoSphere+Guardium&     |
|                     |               |release=9.0&platform=All&function=fixId&fixids= |
|                     |               |SqlGuard_9.0p770_CombinedFixPackForGPU750_64-bit|
|                     |               |&includeSupersedes=0&source=fc                  |
+---------------------+---------------+------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John
Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

Sept 06, 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------



Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security
Guardium

Document information

More support for: IBM Security Guardium

Software version: 10.0 - 10.5

Operating system(s): Linux

Reference #: 2015896

Modified date: 07 September 2018

Security Bulletin

Summary

There are multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition,
Version 6 used by IBM Security Guardium. These issues were disclosed as part of
the IBM Java SDK updates in Jan 2018.

Vulnerability Details

CVEID: CVE-2018-2579
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to obtain sensitive information resulting in a low
confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137833 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-2588
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit LDAP component could allow an authenticated
attacker to obtain sensitive information resulting in a low confidentiality
impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137841 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-2663
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to cause a denial of service resulting in a low
availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137917 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2677
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded AWT component could allow an unauthenticated attacker to
cause a denial of service resulting in a low availability impact using unknown
attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137932 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2678
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to cause a denial of service resulting in a low availability impact
using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137933 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2602
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded I18n component could allow an unauthenticated attacker to
cause low confidentiality impact, low integrity impact, and low availability
impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137854 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-2599
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to cause no confidentiality impact, low integrity impact, and low
availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137851 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2018-2603
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit Libraries component could allow an
unauthenticated attacker to cause a denial of service resulting in a low
availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137855 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2629
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated
attacker to cause no confidentiality impact, high integrity impact, and no
availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137880 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-2657
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, JRockit Serialization component could allow an unauthenticated attacker to
cause a denial of service resulting in a low availability impact using unknown
attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137910 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2618
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated
attacker to obtain sensitive information resulting in a high confidentiality
impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137870 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-2641
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded AWT component could allow an unauthenticated attacker to
cause no confidentiality impact, high integrity impact, and no availability
impact.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137893 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2018-2582
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker
to cause no confidentiality impact, high integrity impact, and no availability
impact.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137836 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-2634
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to
obtain sensitive information resulting in a high confidentiality impact using
unknown attack vectors.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137886 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-2637
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated
attacker to cause high confidentiality impact, high integrity impact, and no
availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137889 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2018-2633
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated
attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137885 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-2638
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE Deployment component could allow an unauthenticated attacker to take control
of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137890 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-2639
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java
SE Deployment component could allow an unauthenticated attacker to take control
of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137891 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-1417
DESCRIPTION: Under certain circumstances, a flaw in the J9 JVM allows untrusted
code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138823 
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+---------------------------------+-----------------+
| Affected IBM Security Guardium  |                 |
|                                 |Affected Versions|
+---------------------------------+-----------------+
|IBM Security Guardium            |                 |
|                                 |10.0-10.5        |
+---------------------------------+-----------------+

Remediation/Fixes

+----------+----------+----------------------------------------------------------------+
|Product   |VRMF      |Remediation/First Fix                                           |
+----------+----------+----------------------------------------------------------------+
|IBM       |10.0-10.5 |https://www-945.ibm.com/support/fixcentral/swg/selectFixes?     |
|Security  |          |product=ibm/Information+Management/InfoSphere+Guardium&release= |
|Guardium  |          |All&platform=All&function=fixId&fixids=                         |
|          |          |SqlGuard_10.0p505_Bundle_Jun-24-2018&includeSupersedes=0&source=|
|          |          |fc                                                              |
+----------+----------+----------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

July 02, 2018: Original Version Published
Sept 06, 2018: Second Version Published
Sept 07, 2018: Third Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW5cxxWaOgq3Tt24GAQidww//SP5qHjqN6WXesWkeQwwMLeEPVglAL7DK
XArzh4Kmwziewpmn+0pVT6b8/jri2+F/AC4Xoth3cI6thVa2z5DhsaAlIXpg1qhA
yjvBzNGLQsUw4WiGUNvJXW/2EcpcP83M0UWSFd3w3dMJu3jeIvPjjFzfqp5OT70s
FM0r8iLVK+sBjftBItVY2tWBMHblTk5eHpf1cZm3iiCNcKydLi4pyI8A6NJTdCBm
H/kpdqABjRnsMRT8Vy2nqibEAUnIKIfNtmhnpTOMwBXV4K+xEo8OIFtDWz0+pfEN
FNrw+oEx7q8yMKG9N+gQziD2TargRhNt3af3o2HTgNYXACkrnUp3+yPMsB0SCxWx
P/1YTkd9Sl8cDT6ns4TN6frx6aScdKwWq6IrS6d2v1SeeH4Bxz3wyGknkNKs2Lui
eOiybkj1f5Uh3FX8bWJDiA3o1o/8xMdkm7Vqt3jpUC+nsACC5+4q0VYBR0K7VNij
8wiMVqYg5bt0eUzuv2D5ahlA6zL4fjxFPT3YcftqX9gRXDBX8Cf7RF4FVL2ofuhD
lty8TSw5Ze8Ujk6bBN6qPj7ilsDNjJOTnsekhLKBH5T6XW4z+Mz2CgrsW5Gq8Q7k
qYQM3Uipt3TMhUdcH4Q7g4maDH0F6Oe9uXMywWtvFlbDjiDtb5T9F1ELgjPWHASe
ppCwsC7I6No=
=+FuQ
-----END PGP SIGNATURE-----

« Back to bulletins