-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2271
            Security Bulletin: IBM Db2 Multiple Vulnerabilities
                             8 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Db2
Publisher:         IBM
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Administrator Compromise -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1519 CVE-2017-1452 CVE-2017-1451
                   CVE-2017-1439 CVE-2017-1438 CVE-2017-1434

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg22005740
   http://www-01.ibm.com/support/docview.wss?uid=swg22006109
   http://www-01.ibm.com/support/docview.wss?uid=swg22007183
   http://www-01.ibm.com/support/docview.wss?uid=swg22006061
   http://www-01.ibm.com/support/docview.wss?uid=swg22006885

Comment: This bulletin contains five (5) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Db2 sensitive information exposure in the error log
(CVE-2017-1434).

Security Bulletin

Document information

More support for:
DB2 for Linux, UNIX and Windows

Install/Migrate/Upgrade - Database

Software version:
11.1

Operating system(s):
AIX, HP-UX, Linux, Solaris, Windows

Software edition:
Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server,
Express, Express-C, Personal, Workgroup Server

Reference #: 2005740

Modified date: 07 September 2017

Summary

When a version check to upgrade Db2 to v11.x fails, the connection string is
written in the clear in an error message to db2diag.log.

Vulnerability Details

CVEID: CVE-2017-1434
DESCRIPTION:
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) under
unusual circumstances, could expose highly sensitive information in the error
log to a local user.
CVSS Base Score: 5.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/127806
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

All fix pack levels for server editions of IBM Db2 V11.1 on all platforms are
affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this
vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected Program, V11.1,
can download the special build containing the interim fix for this issue from
Fix Central. These special builds are available based on the most recent
fixpack level for each impacted release: V11.1.2.2 FP2. They can be applied
to any affected fixpack level of the appropriate release to remediate this
vulnerability.

Release         Fixed in fix pack    APAR       Download URL

V11.1.2.2       TBD                  IT21347    Special Build for V11.1.2.2 FP2:
                                                AIX 64-bit
                                                Linux 64-bit, x86-64
                                                Linux 64-bit, POWER little endian
                                                Linux 64-bit, System z, System z9 or zSeries
                                                Windows 64-bit, x86


Workarounds and Mitigations

When running the version check tool db2ckupgrade to upgrade Db2 to V11.x and
providing the tool with the password to connect to Db2, if the upgrade fails,
search the db2diag.log for the record with the connection string written in
the clear and delete the record.

Sample record:

2017-04-19-14.31.51.488000-240 I31814496F2169 LEVEL: Error
PID : 1496 TID : 2236 PROC : db2ckupgrade.exe
INSTANCE: SERVER1 NODE : 000
HOSTNAME: NAME
EDUID : 2236
FUNCTION: <0>, <0>, <0>, probe:6541
MESSAGE : Could not get a exclusive connection
DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
0x00000026293ADF30 : 0000 0000 0000 0000 0000 0000 7E8A FFFF ............~...
0x00000026293ADF40 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADF50 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADF60 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADF70 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADF80 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADF90 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADFA0 : 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00000026293ADFB0 : 0000 0000 0000 0000 ........
DATA #2 : String, 52 bytes
DSN=DB;UID=user;PWD=xxxxxxx;;MODE=EXCLUSIVE;
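
One way to carry out this workaround on a copy of db2diag.log (added example,
not IBM's or AusCERT's code). It assumes every record starts with the timestamp
header shown in the sample record; the function names and the embedded log
excerpt are constructed for illustration.

```python
import re
import sys

# Record header as in the sample record: timestamp, zone offset, then a space.
RECORD_START = re.compile(
    r"^\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d{6}[+-]\d{3}\s")
PROC_FIELD = re.compile(r"\bPROC\s*:\s*(\S+)")
# Clear-text password field of a connection string (PWD=...;).
PWD_FIELD = re.compile(r"\bPWD=[^;\s]*", re.IGNORECASE)

# Constructed log excerpt: two benign records around one exposed record.
SAMPLE_LOG = """\
2017-04-19-14.30.02.120000-240 I31812000F400 LEVEL: Warning
PID : 980 TID : 1120 PROC : db2syscs.exe
INSTANCE: SERVER1 NODE : 000
MESSAGE : Constructed benign record

2017-04-19-14.31.51.488000-240 I31814496F2169 LEVEL: Error
PID : 1496 TID : 2236 PROC : db2ckupgrade.exe
INSTANCE: SERVER1 NODE : 000
FUNCTION: <0>, <0>, <0>, probe:6541
MESSAGE : Could not get a exclusive connection
DATA #2 : String, 52 bytes
DSN=DB;UID=user;PWD=Constructed1;;MODE=EXCLUSIVE;

2017-04-19-14.32.10.005000-240 I31816665F380 LEVEL: Info
PID : 980 TID : 1120 PROC : db2syscs.exe
MESSAGE : Constructed benign record
"""


def split_records(text):
    """Split log text at record headers; joining the result restores the text."""
    records, current = [], []
    for line in text.splitlines(keepends=True):
        if RECORD_START.match(line) and current:
            records.append("".join(current))
            current = []
        current.append(line)
    if current:
        records.append("".join(current))
    return records


def is_exposed(record):
    """True for a db2ckupgrade record that carries a PWD= field."""
    proc = PROC_FIELD.search(record)
    name = proc.group(1).lower() if proc else ""
    return name.startswith("db2ckupgrade") and bool(PWD_FIELD.search(record))


def scrub(text):
    """Return (log text without exposed records, list of removed records)."""
    kept, removed = [], []
    for record in split_records(text):
        (removed if is_exposed(record) else kept).append(record)
    return "".join(kept), removed


def masked_summary(record):
    """Timestamp plus the offending lines with the password masked, for a ticket."""
    lines = record.splitlines()
    hits = [PWD_FIELD.sub("PWD=<redacted>", l) for l in lines if PWD_FIELD.search(l)]
    return lines[0].split()[0], hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Work on a copy; newline="" keeps CRLF line endings intact on Windows.
        with open(sys.argv[1], encoding="utf-8", errors="surrogateescape",
                  newline="") as fh:
            cleaned, removed = scrub(fh.read())
        with open(sys.argv[1] + ".scrubbed", "w", encoding="utf-8",
                  errors="surrogateescape", newline="") as fh:
            fh.write(cleaned)
    else:
        cleaned, removed = scrub(SAMPLE_LOG)
    for rec in removed:
        print("removed:", *masked_summary(rec))
```

The script writes the cleaned log to a new file next to the original and
prints only the masked form of each removed record.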

References

Complete CVSS v3 Guide

On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

September 7, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


============================================================================

Security Bulletin: IBM Db2 vulnerability allows local user to overwrite Db2
files. (CVE-2017-1452)

Security Bulletin

Document information

More support for:
DB2 for Linux, UNIX and Windows

Software version:
9.7, 10.1, 10.5, 11.1

Operating system(s):
AIX, HP-UX, Linux, Solaris

Software edition:

Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server,
Express, Express-C, Personal, Workgroup Server

Reference #: 2006109

Modified date: 07 September 2017

Summary

A vulnerability in IBM Db2 could allow a local user to obtain elevated
privilege and overwrite Db2 files.

Vulnerability Details

CVEID: CVE-2017-1452
DESCRIPTION:
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow
a local user to obtain elevated privilege and overwrite DB2 files.
CVSS Base Score: 6.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/128180
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 server editions
running on AIX, Linux, HP, Solaris are affected. Db2 running on Windows is
not vulnerable.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this
vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected Program, V9.7,
V10.1, V10.5, and Db2 V11.1, can download the special build containing the
interim fix for this issue from Fix Central. These special builds are
available based on the most recent fixpack level for each impacted release:
Db2 V9.7 FP11, V10.1 FP6, V10.5 FP8, and Db2 V11.1.2.2 FP2. They can be
applied to any affected fixpack level of the appropriate release to remediate
this vulnerability.

Release		Fixed in fix pack    APAR     		Download URL

V9.7		TBD                  IT21465  		Special Build for V9.7 FP11:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.1		TBD                  IT21464  		Special Build for V10.1 FP6:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.5		TBD                  IT21463  		Special Build for V10.5 FP8:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64
							Inspur

V11.1.2.2	TBD                  IT21458  		Special Build for V11.1.2.2 FP2:                      
							AIX 64-bit
							Linux 64-bit, x86-64
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries

Workarounds and Mitigations

None.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerability was reported to IBM by Rich Mirch.

Change History

September 7, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

============================================================================

Security Bulletin: IBM Db2 is affected by denial of service vulnerability in
the Db2 Connect Server (CVE-2017-1519)

Security Bulletin

Document information

More support for:
DB2 for Linux, UNIX and Windows

Software version:
10.5, 11.1

Operating system(s):
AIX, HP-UX, Linux, Solaris, Windows

Software edition:
Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server,
Express, Express-C, Personal, Workgroup Server

Reference #: 2007183

Modified date: 07 September 2017

Summary

IBM Db2 contains a denial of service vulnerability. A remote user can cause
disruption of service for Db2 Connect Server setup with a particular
configuration using SSL and an alternate gateway setup.

Vulnerability Details

CVEID: CVE-2017-1519
DESCRIPTION:
IBM Db2 contains a denial of service vulnerability. A remote user can cause
disruption of service for DB2 Connect Server setup with a particular
configuration.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/129829
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V10.5 and V11.1 Connect Server editions on all
platforms are affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this
vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected Program, V10.5
and V11.1, can download the special build containing the interim fix for this
issue from Fix Central. These special builds are available based on the most
recent fixpack level for each impacted release: V10.5 FP8 and V11.1.2.2 FP2.
They can be applied to any affected fixpack level of the appropriate release
to remediate this vulnerability.

Release         Fixed in fix pack    APAR       Download URL

V10.5           TBD                  IT21454    Special Build for V10.5 FP8:
                                                AIX 64-bit
                                                HP-UX 64-bit
                                                Linux 32-bit, x86-32
                                                Linux 64-bit, x86-64
                                                Linux 64-bit, POWER big endian
                                                Linux 64-bit, POWER little endian
                                                Linux 64-bit, System z, System z9 or zSeries
                                                Solaris 64-bit, SPARC
                                                Solaris 64-bit, x86-64
                                                Windows 32-bit, x86
                                                Windows 64-bit, x86
                                                Inspur

V11.1.2.2       TBD                  IT21455    Special Build for V11.1.2.2 FP2:
                                                AIX 64-bit
                                                Linux 64-bit, x86-64
                                                Linux 64-bit, POWER little endian
                                                Linux 64-bit, System z, System z9 or zSeries
                                                Windows 64-bit, x86

Workarounds and Mitigations

None.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

September 7, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.


============================================================================

Security Bulletin: Privilege escalation vulnerabilities affect IBM Db2
(CVE-2017-1439, CVE-2017-1451)

Security Bulletin

Document information

More support for:
DB2 for Linux, UNIX and Windows

Software version:
9.7, 10.1, 10.5, 11.1

Operating system(s):
AIX, HP-UX, Linux, Solaris

Software edition:
Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server,
Express, Express-C, Personal, Workgroup Server

Reference #: 2006061

Modified date: 07 September 2017

Summary

Vulnerabilities in IBM Db2 could allow a local user to gain elevated
privilege.

Vulnerability Details

CVEID: CVE-2017-1439
DESCRIPTION:
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow
a local user with DB2 instance owner privileges to obtain root access.
CVSS Base Score: 6.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/128058
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1451
DESCRIPTION:
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow
a local user with DB2 instance owner privileges to obtain root access.
CVSS Base Score: 6.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/128178
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 server editions
running on AIX, Linux, HP, Solaris are affected. Db2 running on Windows is
not vulnerable.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this
vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected Program, V9.7,
V10.1, V10.5, V11.1, can download the special build containing the interim
fix for this issue from Fix Central. These special builds are available based
on the most recent fixpack level for each impacted release: DB2 V9.7 FP11,
V10.1 FP6, V10.5 FP8 and V11.1.2.2 FP2. They can be applied to any affected
fixpack level of the appropriate release to remediate this vulnerability.

Release		Fixed in fix pack	APAR		Download URL

V9.7		TBD			IT21396		Special Build for V9.7 FP11:
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.1		TBD			IT21395		Special Build for V10.1 FP6:
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.5		TBD			IT21394		Special Build for V10.5 FP8:
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64
							Inspur

V11.1.2.2       TBD                     IT21364         Special Build for V11.1.2.2 FP2:
							AIX 64-bit
							Linux 64-bit, x86-64
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries

Workarounds and Mitigations

None.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerabilities were reported to IBM by Rich Mirch.

Change History

September 7, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

============================================================================

Security Bulletin: Privilege escalation vulnerabilities affect IBM Db2
(CVE-2017-1438)

Security Bulletin

Document information

More support for:
DB2 for Linux, UNIX and Windows

Software version:
9.7, 10.1, 10.5, 11.1

Operating system(s):
AIX, HP-UX, Linux, Solaris

Software edition:
Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server,
Express, Express-C, Personal, Workgroup Server

Reference #: 2006885

Modified date: 07 September 2017

Summary

Vulnerabilities in IBM Db2 could allow a local user to gain elevated
privilege.

Vulnerability Details

CVEID: CVE-2017-1438
DESCRIPTION:
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow
a local user with DB2 instance owner privileges to obtain root access.
CVSS Base Score: 6.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/128057
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 server editions
running on AIX, Linux, HP, Solaris are affected. Db2 running on Windows is
not vulnerable.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this
vulnerability.

FIX:

Customers running any vulnerable fixpack level of an affected Program, V9.7,
V10.1, V10.5, V11.1, can download the special build containing the interim
fix for this issue from Fix Central. These special builds are available based
on the most recent fixpack level for each impacted release: DB2 V9.7 FP11,
V10.1 FP6, V10.5 FP8 and V11.1.2.2 FP2. They can be applied to any affected
fixpack level of the appropriate release to remediate this vulnerability.


Release		Fixed in fix pack	APAR		Download URL

V9.7		TBD                 	IT21143		Special Build for V9.7 FP11:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.1		TBD                  	IT21163  	Special Build for V10.1 FP6:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64

V10.5		TBD                  	IT21164 	Special Build for V10.5 FP8:                      
							AIX 64-bit
							HP-UX 64-bit
							Linux 32-bit, x86-32
							Linux 64-bit, x86-64
							Linux 64-bit, POWER big endian
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries
							Solaris 64-bit, SPARC
							Solaris 64-bit, x86-64
							Inspur

V11.1.2.2       TBD                     IT21140         Special Build for V11.1.2.2 FP2:
							AIX 64-bit
							Linux 64-bit, x86-64
							Linux 64-bit, POWER little endian
							Linux 64-bit, System z, System z9 or zSeries

Workarounds and Mitigations

None.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerability was reported to IBM by Rich Mirch.

Change History

September 7, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----