===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0644
 Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus
                             24 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Spectrum Protect Plus
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8428 CVE-2020-4222 CVE-2020-4213
                   CVE-2020-4212 CVE-2020-4211 CVE-2020-4210
                   CVE-2019-19602 CVE-2019-19537 CVE-2019-19532
                   CVE-2019-19531 CVE-2019-19530 CVE-2019-19529
                   CVE-2019-19527 CVE-2019-19526 CVE-2019-19524
                   CVE-2019-18814 CVE-2019-18813 CVE-2019-18812
                   CVE-2019-18811 CVE-2019-18810 CVE-2019-18809
                   CVE-2019-18808 CVE-2019-18807 CVE-2019-18806
                   CVE-2019-18282 CVE-2019-18198 CVE-2019-16714
                   CVE-2019-15902 CVE-2019-15538 CVE-2019-15505
                   CVE-2019-15504 CVE-2019-14898 CVE-2019-10639
                   CVE-2019-4703  

Reference:         ESB-2020.0572.2
                   ESB-2020.0415
                   ESB-2020.0411
                   ESB-2020.0200

Original Bulletin: 
   https://www.ibm.com/support/pages/node/3177915
   https://www.ibm.com/support/pages/node/3178863
   https://www.ibm.com/support/pages/node/3177579

Comment: This bulletin contains three (3) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Information Disclosure in IBM Spectrum Protect Plus (CVE-2019-4703)

Security Bulletin

Document number: 3177915
Modified date: 21 February 2020 

Summary

The user id and password may be exposed in IBM Spectrum Protect Plus when
protecting Microsoft SQL or Microsoft Exchange.

Vulnerability Details

CVEID: CVE-2019-4703
DESCRIPTION: IBM Spectrum Protect Plus, when protecting Microsoft SQL or
Microsoft Exchange, could allow an attacker with intimate knowledge of the
system to obtain highly sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172013
for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+-----------------------------------+------------------+
|Affected Product(s)                |Version(s)        |
+-----------------------------------+------------------+
|IBM Spectrum Protect Plus          |10.1.0-10.1.5     |
+-----------------------------------+------------------+

Remediation/Fixes

+---------------+-------------+--------+----------------------------------------------------+
|Spectrum       |First Fixing |        |                                                    |
|Protect        |VRM Level    |Platform|Link to Fix                                         |
|Plus Release   |             |        |                                                    |
+---------------+-------------+--------+----------------------------------------------------+
|10.1           |10.1.5 patch1|Linux   |http://www.ibm.com/support/docview.wss?uid=         |
|               |             |        |ibm11072392                                         |
+---------------+-------------+--------+----------------------------------------------------+

Workarounds and Mitigations

None


--------------------------------------------------------------------------------


Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210,
CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211)

Security Bulletin

Document number: 3178863
Modified date: 21 February 2020

Summary

Command injection vulnerabilities in IBM Spectrum Protect Plus could allow a
remote attacker to execute arbitrary code on the system.

Vulnerability Details

CVEID: CVE-2020-4210
DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to execute
arbitrary code on the system. By using a specially crafted HTTP command, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175020
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4213
DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to execute
arbitrary code on the system. By using a specially crafted HTTP command, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175024
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4222
DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to execute
arbitrary code on the system. By using a specially crafted HTTP command, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175091
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4212
DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to execute
arbitrary code on the system. By using a specially crafted HTTP command, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175023
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-4211
DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to execute
arbitrary code on the system. By using a specially crafted HTTP command, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175022
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+-----------------------------------------+---------------------+
|Affected Product(s)                      |Version(s)           |
+-----------------------------------------+---------------------+
|IBM Spectrum Protect Plus                |10.1.0-10.1.5        |
+-----------------------------------------+---------------------+

Remediation/Fixes

+-------------------+---------------+---------+----------------------------------------------------------------+
|Spectrum Protect   |First Fixing   |Platform |Link to Fix                                                     |
|Plus Release       |VRM Level      |         |                                                                |
+-------------------+---------------+---------+----------------------------------------------------------------+
|10.1               |10.1.5 patch1  |Linux    |http://www.ibm.com/support/docview.wss?uid=ibm11072392          |
+-------------------+---------------+---------+----------------------------------------------------------------+

Workarounds and Mitigations

None


--------------------------------------------------------------------------------


Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Security Bulletin

Document number: 3177579
Modified date: 21 February 2020 

Summary

There are multiple security vulnerabilities in the Linux Kernel that affect IBM
Spectrum Protect Plus.

Vulnerability Details

CVEID: CVE-2019-19532
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by
multiple out-of-bounds write conditions in HID drivers.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172610
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2019-19529
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/net/can/usb/mcba_usb.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172526
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19530
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/usb/class/cdc-acm.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172527
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19526
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/nfc/pn533/usb.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172523
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19531
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/usb/misc/yurex.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172528
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19524
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/input/ff-memless.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172521
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19537
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
race condition in drivers/usb/core/file.c. By connecting a specially-crafted
USB device, an attacker could exploit this vulnerability to cause the system to
stop responding.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172608
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19527
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free condition in drivers/hid/usbhid/hiddev.c. By connecting a
specially-crafted USB device, an attacker could exploit this vulnerability to
cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172524
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18811
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the sof_set_get_large_ctrl_data function in sound/soc/sof/ipc.c.
By triggering sof_get_ctrl_copy_params() failures, a remote attacker could
exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171184
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18810
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the komeda_wb_connector_add function in
drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c. By triggering
drm_writeback_connector_init() failures, a remote attacker could exploit this
vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171183
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18813
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the dwc3_pci_probe function in drivers/usb/dwc3/dwc3-pci.c. By
triggering platform_device_add_properties() failures, a remote attacker could
exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171186
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18812
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the sof_dfsentry_write function in sound/soc/sof/debug.c. By
sending a specially-crafted request, a remote attacker could exploit this
vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171185
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18808
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the ccp_run_sha_cmd function in drivers/crypto/ccp/ccp-ops.c. By
sending a specially-crafted request, a remote attacker could exploit this
vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171181
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18807
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by two
memory leaks in the sja1105_static_config_upload function in
drivers/net/dsa/sja1105/sja1105_spi.c. By triggering
static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, a
remote attacker could exploit this vulnerability to consume all available
memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171180
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18809
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the af9005_identify_state function in
drivers/media/usb/dvb-usb/af9005.c. By sending a specially-crafted request, a
remote attacker could exploit this vulnerability to consume all available
memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171182
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18814
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free in the aa_audit_rule_init function in security/apparmor/audit.c.
By sending a specially-crafted request, a remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171187
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-18806
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in the ql_alloc_large_buffers function in
drivers/net/ethernet/qlogic/qla3xxx.c. By triggering pci_dma_mapping_error()
failures, a local authenticated attacker could exploit this vulnerability to
consume all available memory resources.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171179
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8428
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free in may_create_in_sticky. By executing a specially-crafted
program, a local attacker could exploit this vulnerability to cause the system
to crash, or possibly leak information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175359
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID: CVE-2019-16714
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive
information, caused by the failure to initialize the tos and flags fields in
the rds6_inc_info_copy function in net/rds/recv.c. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information from the kernel stack memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167373
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-10639
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive
information, caused by the use of a weak function to generate IP packet IDs. By
sniffing the network, an attacker could exploit this vulnerability to obtain
hash collision information to derive the hashing key.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167414
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-15538
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw in xfs_setattr_nonsize in fs/xfs/xfs_iops.c. By sending a
specially-crafted system call, a local attacker could exploit this
vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165865
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-18198
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
reference count usage error in the fib6_rule_suppress function in the fib6
suppression feature of net/ipv6/fib6_rules.c. By sending a specially-crafted
request, a local attacker could exploit this vulnerability to corrupt the
memory resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169685
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-15505
DESCRIPTION: Linux Kernel could allow a physical attacker to obtain sensitive
information, caused by an out-of-bounds read flaw in technisat-usb2.c. By using
a specially-crafted USB device, an attacker could exploit this vulnerability to
obtain sensitive information or cause a denial of service condition on the
system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165745
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2019-15504
DESCRIPTION: Linux Kernel could allow a physical attacker to execute arbitrary
code on the system, caused by a double free flaw in rsi_91x_usb.c. By using a
specially-crafted USB device, an attacker could exploit this vulnerability to
execute arbitrary code on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165744
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-15902
DESCRIPTION: Linux Kernel could provide weaker than expected security, caused
by a backporting error. A remote attacker could exploit this vulnerability to
launch further attacks on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166561
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-19602
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory corruption in fpregs_state_valid in arch/x86/include/asm/fpu/internal.h.
By sending a specially crafted request, a local attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172692
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-14898
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
race condition between mmget_not_zero()/get_task_mm() and core dumping. By
using a specially-crafted system call, a local authenticated attacker could
exploit this vulnerability to cause the system to crash or obtain sensitive
information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175727
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID: CVE-2019-18282
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a device tracking vulnerability in flow_dissector
feature. By sending a specially crafted request, an attacker could exploit this
vulnerability to obtain sensitive information and then use this information to
launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174716
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+-------------------------------+----------------+
|Affected Product(s)            |Version(s)      |
+-------------------------------+----------------+
|IBM Spectrum Protect Plus      |10.1.0-10.1.5   |
+-------------------------------+----------------+

Remediation/Fixes

+-----------------+--------------+--------+----------------------------------------------------------+
|Spectrum Protect |First Fixing  |Platform|Link to Fix                                               |
|Plus Release     |VRM Level     |        |                                                          |
+-----------------+--------------+--------+----------------------------------------------------------+
|10.1             |10.1.5 patch1 |Linux   |http://www.ibm.com/support/docview.wss?uid=ibm11072392    |
+-----------------+--------------+--------+----------------------------------------------------------+

Workarounds and Mitigations

None

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================