Operating System:

[Cisco]

Published:

07 November 2018

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2018.2627.6
           Linux Kernel IP Fragment Reassembly Denial of Service
                  Vulnerability Affecting Cisco Products
                              7 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5391  

Reference:         ESB-2018.2612
                   ESB-2018.2468
                   ESB-2018.2457
                   ESB-2018.2342

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment

Revision History:  November   7 2018: Updated information about fixed release
				      availability. Removed references to
				      ongoing investigation.
                   October   26 2018: Updated information about fixed release
				      availability.
                   October   12 2018: Updated information about fixed release
				      availability.
                   October    5 2018: Vendor updated lists of products that
		   		      are vulnerable, not vulnerable,
				      under investigation and fixed releases
                   September 14 2018: Vendor updated lists of products that
		                      are vulnerable, not vulnerable,
				      under investigation and fixed releases
                   September  5 2018: Initial Release


- --------------------------BEGIN INCLUDED TEXT--------------------

Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting
Cisco Products: August 2018

Priority: High
Advisory ID: cisco-sa-20180824-linux-ip-fragment
First Published: 2018 August 24 21:30 GMT
Last Updated: 2018 November 6 18:17 GMT
Version 1.15: Final
Workarounds: Yes

Summary

  * On August 14, 2018, the Vulnerability Coordination team of the National
    Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center
    (CERT/CC) disclosed a vulnerability in the IP stack that is used by the
    Linux Kernel. This vulnerability is publicly known as FragmentSmack.

    The vulnerability could allow an unauthenticated, remote attacker to cause
    a denial of service (DoS) condition on an affected device. An attack could
    be executed by an attacker who can submit a stream of fragmented IPv4 or
    IPv6 packets that are designed to trigger the issue on an affected device.

    The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly
    algorithms in the IP stack that is used by the affected kernel. Linux
    Kernel Versions 3.9 and later are known to be affected by this
    vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Affected Products

  * Cisco investigated its product line to determine which products and
    services may be affected by this vulnerability.

    The "Vulnerable Products" section of this advisory includes Cisco bug IDs
    for each affected product or service. The bugs are accessible through the
    Cisco Bug Search Tool and contain additional platform-specific information,
    including workarounds (if available) and fixed software releases.

    Any product or service not listed in the "Products Under Investigation" or
    "Vulnerable Products" section of this advisory is to be considered not
    vulnerable.

    Vulnerable Products

    The following table lists Cisco products that are affected by the
    vulnerability that is described in this advisory:

                  Product                  Cisco    Fixed Release Availability
                                           Bug ID
                          Collaboration and Social Media
    Cisco SocialMiner                    CSCvk78929 Consult the Cisco bug ID
                                                    for details
                  Network Application, Service, and Acceleration
    Cisco Cloud Services Platform 2100   CSCvm15451 2.4.0 (Jan-2019)
    Cisco Tetration Analytics            CSCvm15463 3.2 (Mar-2019)
    Cisco vEdge 100 Series Routers       CSCvm15501 18.3.3 (Oct-2018)
                                                    18.4.0 (Nov-2018)
    Cisco vEdge 1000 Series Routers      CSCvm15501 18.3.3 (Oct-2018)
                                                    18.4.0 (Nov-2018)
    Cisco vEdge 2000 Series Routers      CSCvm15501 18.3.3 (Oct-2018)
                                                    18.4.0 (Nov-2018)
    Cisco vEdge 5000 Series Routers      CSCvm15501 18.3.3 (Oct-2018)
                                                    18.4.0 (Nov-2018)
    Cisco vEdge Cloud Router Platform    CSCvm15501 18.3.3 (Oct-2018)
                                                    18.4.0 (Nov-2018)
                       Network and Content Security Devices
    Cisco AMP Virtual Private Cloud      CSCvm56669 Consult the Cisco bug ID
    Appliance                                       for details
    Cisco FireSIGHT System Software      CSCvm10968 6.2.3.7 (Nov-2018)
                                                    6.3.0 (Dec-2018)
    Cisco Firepower Management Center    CSCvm10968 6.2.3.7 (Nov-2018)
                                                    6.3.0 (Dec-2018)
                                                    6.2.3.6 (Oct-2018)
                                                    6.2.2.5 (Nov-2018)
    Cisco Firepower Threat Defense (FTD) CSCvm05464 6.2.0.7 (Dec-2018)
    Software                                        6.2.3-99 (FTD Virtual for
                                                    the Microsoft Azure Cloud -
                                                    Available)
    Cisco Firepower eXtensible Operating CSCvm21278 2.4.1 (Oct-2018)
    System (FXOS) Software
    Cisco Identity Services Engine (ISE) CSCvm15495 Consult the Cisco bug ID
                                                    for details
    Cisco Secure Access Control System   CSCvm09119 No fix expected - End of
    (ACS)                                           life
    Cisco Threat Grid Appliance          CSCvm15448 2.5 (Sep-2018)
    Cisco Umbrella Virtual Appliance     CSCvm15497 v2.3 (Oct-2018)
                        Network Management and Provisioning
    Cisco CloudCenter                    CSCvm40406 4.10.0.1 (Nov-2018)
    Cisco Common Services Platform       CSCvm59990 CSPC 2.8.0.1 (Nov-2018)
    Collector                                       CSPC 2.7.4.4 (Nov-2018)
    Cisco Elastic Service Controller     CSCvm15475 Contact the Cisco TAC for
    (ESC)                                           remediation options
    Cisco Enterprise Service Automation  CSCvm15467 No fix expected - End of
                                                    life
    Cisco Evolved Programmable Network   CSCvm18160 Consult the Cisco bug ID
    Manager                                         for details
    Cisco Meeting Server                 CSCvm15488 2.5 (Dec-2018)
    Cisco Network Analysis Module        CSCvm15477 6.4(2) (Jan-2019)
    Cisco Policy Suite                   CSCvm15802 Consult the Cisco bug ID
                                                    for details
    Cisco Prime Collaboration Assurance  CSCvm15480 11.6 es19 (Oct-2018)
                                                    12.1 sp2 (Oct-2018)
    Cisco Prime Collaboration Deployment CSCvm15504 12.5(1) (Dec-2018)
    Cisco Prime Collaboration            CSCvm15479 12.6 (Nov-2018)
    Provisioning
    Cisco Prime Infrastructure           CSCvm15478 Consult the Cisco bug ID
                                                    for details
    Cisco Prime Network Registrar        CSCvm15471 10.0.1 (Mar-2019)
    Virtual Appliance
    Cisco Prime Service Catalog Virtual  CSCvm15492 Consult the Cisco bug ID
    Appliance                                       for details
    Cisco Virtual Topology System -      CSCvm21613 2.6.2 (Sep-2018)
    Virtual Topology Controller (VTC) VM
    Cisco Virtual Topology System -      CSCvm21614 Consult the Cisco bug ID
    Virtual Topology Forwarder (VTF) VM             for details
              Routing and Switching - Enterprise and Service Provider
    Cisco ACI Virtual Edge               CSCvm15456 2.1(1a) (Sep-2018)
    Cisco Application Policy                        Consult the Cisco bug ID
    Infrastructure Controller (APIC) -   CSCvm15473 for details
    Enterprise Module
    Cisco Application Policy             CSCvm15454 4.0 (Oct-2018)
    Infrastructure Controller (APIC)                3.2.4 (Nov-2018)
    Cisco DNA Center                     CSCvm15474 1.3 (Apr-2019)
                                                    16.10.1 (Oct-2018)
    Cisco IOS XE Software                CSCvm09121 16.9.2 (Oct-2018)
                                                    16.6.5 (Dec-2018)
                                                    16.3.8 (Jan-2019)
    Cisco IOx Fog Director               CSCvm15498 FD-1.8.0 (Feb-2019)
    Cisco MDS 9000 Series Multilayer     CSCvm15459 Consult the Cisco bug ID
    Switches                                        for details
    Cisco Network Assurance Engine       CSCvm15450 3.0(0) (Nov-2018)
    Cisco Nexus 3000 Series Switches     CSCvm09117 9.2(2) (Nov-2018)
    Cisco Nexus 7000 Series Switches     CSCvm15461 Consult the Cisco bug ID
                                                    for details
    Cisco Nexus 9000 Series Fabric       CSCvm15457 14.0 (Oct-2018)
    Switches - ACI mode                             13.2.4 (Nov-2018)
    Cisco Nexus 9000 Series Switches -   CSCvm09117 9.2(2) (Nov-2018)
    Standalone, NX-OS mode
                                 Unified Computing
    Cisco Enterprise NFV Infrastructure  CSCvm15500 3.10.1 (Dec-2018)
    Software (NFVIS)
    Cisco HyperFlex System               CSCvm15800 3.5(1a) (Oct-2018)
    Cisco UCS B-Series M5 Blade Servers  CSCvm18261 Consult the Cisco bug ID
    - Integrated Management Controller              for details
    Cisco UCS Standalone C-Series M5                4.0(2a) (Nov-2018)
    Rack Server - Integrated Management  CSCvm15466 3.1(3i) (Nov-2018)
    Controller
                     Voice and Unified Communications Devices
    Cisco Emergency Responder            CSCvm15507 12.5(1) (Dec-2018)
    Cisco Finesse                        CSCvk78931 Consult the Cisco bug ID
                                                    for details
    Cisco IP Phone 7800 Series with      CSCvm24442 11.2.3 (Jan-2019)
    Multiplatform Firmware
    Cisco IP Phone 7800 Series           CSCvm15510 12.5 (Nov-2018)
    Cisco IP Phone 7832 with             CSCvm24440 11.2.3 (Jan-2019)
    Multiplatform Firmware
    Cisco IP Phone 8800 Series with      CSCvm24436 11.2.3 (Jan-2019)
    Multiplatform Firmware
    Cisco IP Phone 8800 Series           CSCvm21280 12.5 (Nov-2018)
    Cisco MediaSense                     CSCvk78932 Consult the Cisco bug ID
                                                    for details
    Cisco Paging Server                  CSCvm15509 12.5.1 (Nov-2018)
    Cisco Unified Communications Domain  CSCvm15505 Consult the Cisco bug ID
    Manager                                         for details
    Cisco Unified Communications Manager
    IM & Presence Service (formerly      CSCvm15508 12.5(1) (Dec-2018)
    CUPS)
    Cisco Unified Communications Manager CSCvm15503 12.5(1) (Dec-2018)
    Session Management Edition
    Cisco Unified Communications Manager CSCvm15503 12.5(1) (Dec-2018)
    Cisco Unified Contact Center         CSCvk78928 Consult the Cisco bug ID
    Enterprise - Live Data server                   for details
    Cisco Unified Contact Center Express CSCvm15506 Consult the Cisco bug ID
                                                    for details
    Cisco Unified Intelligence Center    CSCvk78927 Consult the Cisco bug ID
                                                    for details
    Cisco Unity Connection               CSCvm15803 12.5(1) (Dec-2018)
    Cisco Virtualized Voice Browser      CSCvk78933 Consult the Cisco bug ID
                                                    for details
    Cisco Webex Hybrid Data Security     CSCvm49452 Cisco will update affected
    Node                                            systems (Nov-2018)
    Cisco Webex Meetings Server          CSCvm44844 2.8 MR3 (Nov-2018)
    Cisco Webex Video Mesh Node          CSCvm44845 Cisco will update affected
                                                    systems (Nov-2018)
              Video, Streaming, TelePresence, and Transcoding Devices
    Cisco Expressway Series              CSCvm15491 x12.5 (Jan-2019)
    Cisco Meeting Management             CSCvm15483 Consult the Cisco bug ID
                                                    for details
    Cisco TelePresence Conductor         CSCvm15486 Consult the Cisco bug ID
                                                    for details
    Cisco TelePresence Integrator C      CSCvm15489 TC7.3.15 (Sep-2018)
    Series
    Cisco TelePresence MX Series         CSCvm15489 TC7.3.15 (Sep-2018)
                                                    CE9.5.0 (Sep-2018)
    Cisco TelePresence Profile Series    CSCvm15489 TC7.3.15 (Sep-2018)
    Cisco TelePresence SX80 Codec        CSCvm15489 TC7.3.15 (Sep-2018)
                                                    CE9.5.0 (Sep-2018)
    Cisco TelePresence Server on Virtual CSCvm15490 Consult the Cisco bug ID
    Machine                                         for details
    Cisco TelePresence System EX Series  CSCvm15489 TC7.3.15 (Sep-2018)
    Cisco TelePresence Video             CSCvm15491 x12.5 (Jan-2019)
    Communication Server (VCS)
    Cisco Video Surveillance 8000 Series CSCvm15494 1.0.5-3 (Oct-2018)
    IP Cameras
    Cisco Webex Room Kit                 CSCvm15489 CE9.5.0 (Sep-2018)
                                     Wireless
    Cisco Aironet 1560 Series Access                8.5 MR4 (Oct-2018)
    Points                               CSCvm15469 8.8 MR1 (Oct-2018)
                                                    8.9 (Feb-2019)
    Cisco Aironet 1815 Series Access                8.5 MR4 (Oct-2018)
    Points                               CSCvm15469 8.8 MR1 (Oct-2018)
                                                    8.9 (Feb-2019)
    Cisco Aironet 2800 Series Access                8.5 MR4 (Oct-2018)
    Points                               CSCvm15469 8.8 MR1 (Oct-2018)
                                                    8.9 (Feb-2019)
    Cisco Aironet 3800 Series Access                8.5 MR4 (Oct-2018)
    Points                               CSCvm15469 8.8 MR1 (Oct-2018)
                                                    8.9 (Feb-2019)
    Cisco Mobility Services Engine       CSCvm15476 CMX 10.6 (Jan-2019)
    Cisco Wireless LAN Controller (WLC              Consult the Cisco bug ID
    5520, WLC 8540, WLC 3504, Virtual    CSCvm76255 for details
    Wireless Controller)


    Products Confirmed Not Vulnerable

    Only products and services listed in the ?Vulnerable Products? section of
    this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    products and services.

    Network and Content Security Devices
      + Cisco Adaptive Security Appliance (ASA) Software
      + Cisco Adaptive Security Virtual Appliance (ASAv)

    Network Management and Provisioning
      + Cisco Prime Optical

    Routing and Switching - Enterprise and Service Provider
      + Cisco ASR 5000 Series Routers
      + Cisco IOS XRv 9000 Router, Cisco ASR 9000 Series Aggregation Services
        Routers - Running Cisco IOS XR 64-bit (eXR) Software
      + Cisco Network Convergence System 1000 Series Routers
      + Cisco Network Convergence System 5000 Series Routers
      + Cisco Network Convergence System 5500 Series Routers
      + Cisco Network Convergence System 6000 Series Routers
      + Cisco Nexus 1000V Series Switches

    Unified Computing
      + Cisco UCS Fabric Interconnects

    Voice and Unified Communications Devices
      + Cisco IP Phone 8845 with Multiplatform Firmware
      + Cisco IP Phone 8865 with Multiplatform Firmware
      + Cisco Unified IP 8831 Conference Phone for Third-Party Call Control
      + Cisco Wireless IP Phone 8821

    Wireless
      + Cisco Aironet 1810 Series OfficeExtend Access Points
      + Cisco Aironet 1810w Series Access Points
      + Cisco Aironet 1830 Series Access Points
      + Cisco Aironet 1850 Series Access Points

Workarounds

  * Any workarounds will be documented in product-specific Cisco bugs, which
    are identified in the ?Vulnerable Products? section of this advisory.

    In many cases, platform-dependent workarounds may be available.
    Administrators may be able to leverage access control lists (ACLs), Control
    Plane Policing (CoPP), or other rate limiting measures to control the flow
    of fragmented packets that reach an affected interface. Off-device
    mitigations, such as external firewalls or infrastructure ACLs on edge
    devices, may also effectively control the flow of IP fragments that are
    directed to management interfaces or control planes of downstream affected
    devices.

Fixed Software

  * For information about fixed software releases, consult the Cisco bugs
    identified in the "Vulnerable Products" section of this advisory.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    TAC or their contracted maintenance providers.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any malicious use of the vulnerability that is described in this advisory.

Source

  * This vulnerability was reported by Juha-Matti Tilli, of the Aalto
    University Department of Communications and Networking, and Nokia Bell
    Labs.

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20180824-linux-ip-fragment

Revision History

  * 
    +-----------------------------------------------------------------------------+
    | Version |      Description      |   Section   | Status  |       Date        |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated information   | Summary,    |         |                   |
    |         | about fixed release   | Affected    |         |                   |
    | 1.15    | availability. Removed | Products,   | Final   | 2018-November-06  |
    |         | references to ongoing | Vulnerable  |         |                   |
    |         | investigation.        | Products    |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated information   | Vulnerable  |         |                   |
    | 1.14    | about fixed release   | Products    | Interim | 2018-October-25   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated information   | Vulnerable  |         |                   |
    | 1.13    | about fixed release   | Products    | Interim | 2018-October-19   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated information   | Vulnerable  |         |                   |
    | 1.12    | about fixed release   | Products    | Interim | 2018-October-11   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation and     | Products,   |         |                   |
    | 1.11    | vulnerable products.  | Vulnerable  | Interim | 2018-October-04   |
    |         | Updated information   | Products    |         |                   |
    |         | about fixed release   |             |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated information   | Vulnerable  |         |                   |
    | 1.10    | about fixed release   | Products    | Interim | 2018-September-27 |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.9     | and products          | Products,   | Interim | 2018-September-24 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  | Affected    |         |                   |
    | 1.8     | products under        | Products,   | Interim | 2018-September-17 |
    |         | investigation and     | Vulnerable  |         |                   |
    |         | vulnerable products.  | Products    |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.7     | and products          | Products,   | Interim | 2018-September-13 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.6     | and products          | Products,   | Interim | 2018-September-10 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.5     | and products          | Products,   | Interim | 2018-September-06 |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  | Affected    |         |                   |
    | 1.4     | products under        | Products,   | Interim | 2018-September-04 |
    |         | investigation and     | Vulnerable  |         |                   |
    |         | vulnerable products.  | Products    |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.3     | and products          | Products,   | Interim | 2018-August-30    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  |             |         |                   |
    |         | products under        | Affected    |         |                   |
    |         | investigation,        | Products,   |         |                   |
    |         | vulnerable products,  | Vulnerable  |         |                   |
    | 1.2     | and products          | Products,   | Interim | 2018-August-29    |
    |         | confirmed not         | Products    |         |                   |
    |         | vulnerable. Updated   | Confirmed   |         |                   |
    |         | information about     | Not         |         |                   |
    |         | fixed release         | Vulnerable  |         |                   |
    |         | availability.         |             |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    |         | Updated the lists of  | Affected    |         |                   |
    |         | products under        | Products,   |         |                   |
    |         | investigation,        | Vulnerable  |         |                   |
    | 1.1     | vulnerable products,  | Products,   | Interim | 2018-August-28    |
    |         | and products          | Products    |         |                   |
    |         | confirmed not         | Confirmed   |         |                   |
    |         | vulnerable.           | Not         |         |                   |
    |         |                       | Vulnerable  |         |                   |
    |---------+-----------------------+-------------+---------+-------------------|
    | 1.0     | Initial public        | -           | Interim | 2018-August-24    |
    |         | release.              |             |         |                   |
    +-----------------------------------------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW+Im8WaOgq3Tt24GAQjSJw/+LaUT48YAb5Z9jbvPUQc//CNoEcidUdFn
bwuwQ3eFGc+C+XPsKMU2Ty3yWDiu8Xk6jvDDOCP14FoGff3WVpuYZgRKLTOWJiDr
efWzHQg7tYlv21KEA8AB0scWJ2TO10hTFfUrAwXpWL4oADTVP1EuYCW6XCrCjtE9
EEy3wjJTCJZ6Zmd8FCN4Bae9o5RqW71TxWRFLxm+lQFziRNIeKNk6LshJQAFH9W5
kG5KeCgl5QjOia6L7206f8Godt9UcTm9ZXGmm2druv0q177IT5omQOOU94Uqztp6
dNTYJhVFLSMOJr8n28c1VJZU6SNsA80he27lcT/tJaAUKhcZ4+3dKDhP5fGi11as
5aQQDyD7rhBIvQ+KlZXtcmK3iQKO+XNgRUWioEL304f5HKRUaATbblfWsvT6U0Le
zp6JWEjI6/MKv/mEliK9IE5gcoGlQfE2wK1tnHnQE4BkQ0uv7HchwWB1at8npKFx
xmUD00nCoSu/65d5dG9eCmQhgOSIOOLxiLPUtHyyOqGphbbu3WD2auUKVEfvnhhi
4BaHYZP5xWkwVKGxcEPDDevmyWavZd+8xVNmO6WGRHHRGPtiPhcOzpqAjuMLwOxY
k6C9Ms/qr8IzqQupmABdBkoE1SyttG2t+/EJuov148CUuxueW613NEGdyXUDHNMC
TnWBM2FBo64=
=gXYh
-----END PGP SIGNATURE-----