-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2190
VMSA-2020-0015 - VMware ESXi, Workstation, and Fusion vulnerability updates
                               24 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware ESXi
                   VMware Workstation
                   VMware Fusion
                   VMware Cloud Foundation
Publisher:         VMware
Operating System:  VMware ESX Server
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3971 CVE-2020-3970 CVE-2020-3969
                   CVE-2020-3968 CVE-2020-3967 CVE-2020-3966
                   CVE-2020-3965 CVE-2020-3964 CVE-2020-3963
                   CVE-2020-3962  

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2020-0015.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than VMware. It is recommended that administrators 
         running the affected products check for an updated version of the 
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID: VMSA-2020-0015

CVSSv3 Range: 4.0 - 9.3
Issue Date: 2020-06-23
Updated On: 2020-06-23 (Initial Advisory)

CVE(s): CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965,
CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970,
CVE-2020-3971

Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple
security vulnerabilities (CVE-2020-3962, CVE-2020-3963, CVE-2020-3964,
CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969,
CVE-2020-3970, CVE-2020-3971)

1. Impacted Products

  o VMware ESXi
  o VMware Workstation Pro / Player (Workstation)
  o VMware Fusion Pro / Fusion (Fusion)
  o VMware Cloud Foundation

2. Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately
reported to VMware. Patches and updates, as well as workarounds, are available
to remediate these vulnerabilities in affected VMware products.

3a. Use-after-free vulnerability in SVGA device (CVE-2020-3962)

Description

VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in
the SVGA device. VMware has evaluated the severity of this issue to be in the
Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors

A malicious actor with local access to a virtual machine with 3D graphics
enabled may be able to exploit this vulnerability to execute code on the
hypervisor from a virtual machine.

Resolution

To remediate CVE-2020-3962 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3962 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Corentin Bayet (@OnlyTheDuck) and Bruno Pujos
(@BrunoPujos) from Synacktiv (@Synacktiv) working with Trend Micro's Zero Day
Initiative for reporting this issue to us.

Notes

[1] 3D graphics are not enabled by default on ESXi.
[2] 3D graphics are enabled by default on Workstation and Fusion.

3b. Off-by-one heap-overflow vulnerability in SVGA device (CVE-2020-3969)

Description

VMware ESXi, Workstation and Fusion contain an off-by-one heap-overflow
vulnerability in the SVGA device. VMware has evaluated the severity of this
issue to be in the Important severity range with a maximum CVSSv3 base score of
8.1.

Known Attack Vectors

A malicious actor with local access to a virtual machine with 3D graphics
enabled may be able to exploit this vulnerability to execute code on the
hypervisor from a virtual machine. Additional conditions beyond the attacker's
control must be present for exploitation to be possible.

Resolution

To remediate CVE-2020-3969 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3969 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Corentin Bayet (@OnlyTheDuck) and Bruno Pujos
(@BrunoPujos) from Synacktiv (@Synacktiv) working with Trend Micro's Zero Day
Initiative for reporting this issue to us.

Notes

[1] 3D graphics are not enabled by default on ESXi.
[2] 3D graphics are enabled by default on Workstation and Fusion.
[3] CVE-2020-3969 does not affect the ESXi 6.7 or 6.5 release lines.

3c. Out-of-bounds read issue in Shader Functionality (CVE-2020-3970)

Description

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability
in the Shader functionality. VMware has evaluated the severity of this issue to
be in the Moderate severity range with a maximum CVSSv3 base score of 4.0.

Known Attack Vectors

A malicious actor with non-administrative local access to a virtual machine
with 3D graphics enabled may be able to exploit this vulnerability to crash the
virtual machine's vmx process leading to a partial denial of service condition.

Resolution

To remediate CVE-2020-3970 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3970 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Wei Lei and anhdaden of STAR Labs working with Trend
Micro Zero Day Initiative for reporting this issue to us.

Notes

[1] 3D graphics are not enabled by default on ESXi.
[2] 3D graphics are enabled by default on Workstation and Fusion.

Response Matrix - 3a, 3b, 3c

Product        Version Running CVE Identifier     CVSSv3 Severity Fixed Version            Workarounds Additional
                       On                                                                              Documentation
ESXi[1]        7.0     Any     CVE-2020-3962,     9.3    critical ESXi_7.0.0-1.20.16321839 See Item 34 None
                               CVE-2020-3969,
                               CVE-2020-3970
ESXi[1]        6.7     Any     CVE-2020-3962,     9.3    critical ESXi670-202004101-SG     See Item 34 None
                               [3] CVE-2020-3969,
                               CVE-2020-3970
ESXi[1]        6.5     Any     CVE-2020-3962,     9.3    critical ESXi650-202005401-SG     See Item 34 None
                               [3] CVE-2020-3969,
                               CVE-2020-3970
Fusion[2]      11.x    Any     CVE-2020-3962,     9.3    critical 11.5.5                   KB59146     None
                               CVE-2020-3969,
                               CVE-2020-3970
Workstation[2] 15.x    Any     CVE-2020-3962,     9.3    critical 15.5.5                   KB59146     None
                               CVE-2020-3969,
                               CVE-2020-3970
VMware Cloud   4.x     Any     CVE-2020-3962,     9.3    critical Release Pending (4.0.1)  See Item 34 None
Foundation                     CVE-2020-3969,
                               CVE-2020-3970
VMware Cloud   3.x     Any     CVE-2020-3962,     9.3    critical 3.10                     See Item 34 None
Foundation                     [3] CVE-2020-3969,
                               CVE-2020-3970

3d. Heap-overflow issue in EHCI controller (CVE-2020-3967)

Description

VMware ESXi, Workstation and Fusion contain a heap-overflow vulnerability in
the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue
to be in the Important severity range with a maximum CVSSv3 base score of 8.1.

Known Attack Vectors

A malicious actor with local access to a virtual machine may be able to exploit
this vulnerability to execute code on the hypervisor from a virtual machine.
Additional conditions beyond the attacker's control must be present for
exploitation to be possible.

Resolution

To remediate CVE-2020-3967 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3967 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Reno Robert working with Trend Micro Zero Day
Initiative for reporting this issue to us.

Notes

None.

3e. Out-of-bounds write vulnerability in xHCI controller (CVE-2020-3968)

Description

VMware ESXi, Workstation and Fusion contain an out-of-bounds write
vulnerability in the USB 3.0 controller (xHCI). VMware has evaluated the
severity of this issue to be in the Important severity range with a maximum
CVSSv3 base score of 8.1.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may
be able to exploit this issue to crash the virtual machine's vmx process
leading to a denial of service condition or execute code on the hypervisor from
a virtual machine. Additional conditions beyond the attacker's control must be
present for exploitation to be possible.

Resolution

To remediate CVE-2020-3968 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3968 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Reno Robert working with Trend Micro Zero Day
Initiative for reporting this issue to us.

Notes

None.

Response Matrix - 3d, 3e

Product     Version Running CVE Identifier CVSSv3 Severity  Fixed Version            Workarounds Additional
                    On                                                                           Documentation
ESXi        7.0     Any     CVE-2020-3967, 8.1    important ESXi_7.0.0-1.20.16321839 Remove USB  None
                            CVE-2020-3968                                            Controller
ESXi        6.7     Any     CVE-2020-3967, 8.1    important ESXi670-202004101-SG     Remove USB  None
                            CVE-2020-3968                                            Controller
ESXi        6.5     Any     CVE-2020-3967, 8.1    important ESXi650-202005401-SG     Remove USB  None
                            CVE-2020-3968                                            Controller
Fusion      11.x    Any     CVE-2020-3967, 8.1    important 11.5.5                   Remove USB  None
                            CVE-2020-3968                                            Controller
Workstation 15.x    Any     CVE-2020-3967, 8.1    important 15.5.5                   Remove USB  None
                            CVE-2020-3968                                            Controller
VMware                      CVE-2020-3967,                                           Remove USB
Cloud       4.x     Any     CVE-2020-3968  8.1    important Release Pending (4.0.1)  Controller  None.
Foundation
VMware                      CVE-2020-3967,                                           Remove USB
Cloud       3.x     Any     CVE-2020-3968  8.1    important 3.10                     Controller  None
Foundation

3f. Heap-overflow due to race condition in EHCI controller (CVE-2020-3966)

Description

VMware ESXi, Workstation and Fusion contain a heap-overflow due to a race
condition issue in the USB 2.0 controller (EHCI). VMware has evaluated the
severity of this issue to be in the Important severity range with a maximum
CVSSv3 base score of 8.1.

Known Attack Vectors

A malicious actor with local access to a virtual machine may be able to exploit
this vulnerability to execute code on the hypervisor from a virtual machine.
Additional conditions beyond the attacker's control must be present for
exploitation to be possible.

Resolution

To remediate CVE-2020-3966 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3966 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Reno Robert working with Trend Micro Zero Day
Initiative for reporting this issue to us.

Notes

None.

Response Matrix - 3f

Product     Version Running CVE           CVSSv3 Severity  Fixed Version            Workarounds Additional
                    On      Identifier                                                          Documentation
ESXi        7.0     Any     CVE-2020-3966 8.1    important ESXi_7.0.0-1.20.16321839 Remove USB  None
                                                                                    Controller
ESXi        6.7     Any     CVE-2020-3966 8.1    important ESXi670-202004101-SG     Remove USB  None
                                                                                    Controller
ESXi        6.5     Any     CVE-2020-3966 8.1    important ESXi650-202005401-SG     Remove USB  None
                                                                                    Controller
Fusion      11.x    Any     CVE-2020-3966 8.1    important 11.5.2                   Remove USB  None
                                                                                    Controller
Workstation 15.x    Any     CVE-2020-3966 8.1    important 15.5.2                   Remove USB  None
                                                                                    Controller
VMware                                                                              Remove USB
Cloud       4.x     Any     CVE-2020-3966 8.1    important Release Pending (4.0.1)  Controller  None
Foundation
VMware                                                                              Remove USB
Cloud       3.x     Any     CVE-2020-3966 8.1    important 3.10                     Controller  None
Foundation

3g. Information leak in the XHCI USB controller (CVE-2020-3965)

Description

VMware ESXi, Workstation and Fusion contain an information leak in the XHCI USB
controller. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

A malicious actor with local access to a virtual machine may be able to read
privileged information contained in hypervisor memory from a virtual machine.

Resolution

To remediate CVE-2020-3965 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3965 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Cfir Cohen of Google Cloud security for reporting
this issue to us.

Notes

None.

3h. Information Leak in the EHCI USB controller (CVE-2020-3964)

Description

VMware ESXi, Workstation and Fusion contain an information leak in the EHCI USB
controller. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors

A malicious actor with local access to a virtual machine may be able to read
privileged information contained in the hypervisor's memory. Additional
conditions beyond the attacker's control need to be present for exploitation to
be possible.

Resolution

To remediate CVE-2020-3964 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3964 have been listed in the 'Workarounds' column
of the 'Response Matrix' below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Cfir Cohen of Google Cloud security for reporting
this issue to us.

Notes

None.

3i. Use-after-free vulnerability in PVNVRAM (CVE-2020-3963)

Description

VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in
PVNVRAM. VMware has evaluated the severity of this issue to be in the Moderate
severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors

A malicious actor with local access to a virtual machine may be able to read
privileged information contained in physical memory.

Resolution

To remediate CVE-2020-3963 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Cfir Cohen of Google Cloud security for reporting
this issue to us.

Notes

[4] The workarounds documented in the Response Matrix below are not applicable
to CVE-2020-3963.

Response Matrix - 3g, 3h, 3i

Product     Version Running CVE Identifier CVSSv3 Severity  Fixed Version            Workarounds Additional
                    On                                                                           Documentation
                            CVE-2020-3965,                                           [4]Remove
ESXi        7.0     Any     CVE-2020-3963, 7.1    important ESXi_7.0.0-1.20.16321839 USB         None
                            CVE-2020-3964                                            Controller
                            CVE-2020-3965,                                           [4]Remove
ESXi        6.7     Any     CVE-2020-3963, 7.1    important ESXi670-202006401-SG     USB         None
                            CVE-2020-3964                                            Controller
                            CVE-2020-3965,                                           [4]Remove
ESXi        6.5     Any     CVE-2020-3963, 7.1    important ESXi650-202005401-SG     USB         None
                            CVE-2020-3964                                            Controller
                            CVE-2020-3965,                                           [4]Remove
Fusion      11.x    Any     CVE-2020-3963, 7.1    important 11.5.2                   USB         None
                            CVE-2020-3964                                            Controller
                            CVE-2020-3965,                                           [4]Remove
Workstation 15.x    Any     CVE-2020-3963, 7.1    important 15.5.2                   USB         None
                            CVE-2020-3964                                            Controller
VMware                      CVE-2020-3965,                                           [4]Remove
Cloud       4.x     Any     CVE-2020-3963, 7.1    important Release Pending (4.0.1)  USB         None
Foundation                  CVE-2020-3964                                            Controller
VMware                      CVE-2020-3965,                  Release Pending          [4]Remove
Cloud       3.x     Any     CVE-2020-3963, 7.1    important (3.10.0.1)               USB         None
Foundation                  CVE-2020-3964                                            Controller

3j. Heap overflow vulnerability in vmxnet3 (CVE-2020-3971)

Description

VMware ESXi, Fusion and Workstation contain a heap overflow vulnerability in
the vmxnet3 virtual network adapter. VMware has evaluated the severity of this
issue to be in the Moderate severity range with a maximum CVSSv3 base score of
5.9.

Known Attack Vectors

A malicious actor with local access to a virtual machine with a vmxnet3 network
adapter present may be able to read privileged information contained in
physical memory.

Resolution

To remediate CVE-2020-3971 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Acknowledgements

VMware would like to thank Tianwen Tang (VictorV) of Qihoo 360Vulcan Team for
reporting this issue to us.

Notes

None.

Response Matrix - 3j

Product     Version Running CVE           CVSSv3 Severity Fixed Version        Workarounds Additional
                    On      Identifier                                                     Documentation
ESXi        7.0     Any     CVE-2020-3971 N/A    N/A      Unaffected           N/A         N/A
ESXi        6.7     Any     CVE-2020-3971 5.9    moderate ESXi670-201904101-SG None.       None
ESXi        6.5     Any     CVE-2020-3971 5.9    moderate ESXi650-201907101-SG None        None
Fusion      11.x    Any     CVE-2020-3971 5.9    moderate 11.0.2               None        None
Workstation 15.x    Any     CVE-2020-3971 5.9    moderate 15.0.2               None        None
VMware
Cloud       4.x     Any     CVE-2020-3971 N/A    N/A      Unaffected           None        None
Foundation
VMware
Cloud       3.x     Any     CVE-2020-3971 5.9    moderate 3.7.2                None        None
Foundation

4. References

Downloads and Documentation:

 

VMware Patch Release ESXi 7.0b
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-vcenter-server-70-release-notes.html

VMware ESXi 6.7 ESXi670-202004101-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202004002.html

VMware ESXi 6.7 ESXi670-201904101-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u2-release-notes.html


VMware ESXi 6.5 ESXi650-202005401-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202005001.html

VMware ESXi 6.5 ESXi650-201907101-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-esxi-65u3-release-notes.html

VMware Workstation Pro 15.5.5 (Latest)
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.5.5 (Latest)
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion 11.5.5 (Latest)
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

VMware Cloud Foundation 4.0.1
*release pending*

VMware Cloud Foundation 3.10.0.1
*release pending*

VMware Cloud Foundation 3.7.2
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.7.2/rn/VMware-Cloud-Foundation-372-Release-Notes.html

VMware Cloud Foundation
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10/rn/VMware-Cloud-Foundation-310-Release-Notes.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3971

FIRST CVSSv3 Calculator:

CVE-2020-3962 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3963 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-3964 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-3965 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-3966 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3967 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3968 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3969 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3970 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-3971 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
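
Added example (not part of the VMware or AusCERT text): a Python cross-check
that recomputes the CVSS v3.0 base score from each vector listed above and
compares it with the maximum score stated for that CVE in section 3. The
weights and equations are those of the FIRST CVSS v3.0 specification; the
names base_score, cross_check and ADVISORY are this example's own.

```python
import math

# CVSS v3.0 metric weights from the FIRST specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
# Privileges Required weighs more when Scope is Changed (S:C).
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
      "C": {"N": 0.85, "L": 0.68, "H": 0.50}}
REQUIRED = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")

# CVE -> (vector from section 4, maximum base score stated in section 3),
# both copied from this bulletin.
ADVISORY = {
    "CVE-2020-3962": ("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", 9.3),
    "CVE-2020-3963": ("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", 5.9),
    "CVE-2020-3964": ("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", 5.9),
    "CVE-2020-3965": ("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", 7.1),
    "CVE-2020-3966": ("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", 8.1),
    "CVE-2020-3967": ("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", 8.1),
    "CVE-2020-3968": ("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", 8.1),
    "CVE-2020-3969": ("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", 8.1),
    "CVE-2020-3970": ("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", 4.0),
    "CVE-2020-3971": ("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", 5.9),
}


def base_score(vector):
    """Return the CVSS v3.0 base score for a full vector string."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:3.0":
        raise ValueError(f"not a CVSS v3.0 vector: {vector!r}")
    metrics = dict(item.split(":", 1) for item in rest.split("/"))
    missing = [name for name in REQUIRED if name not in metrics]
    if missing:
        raise ValueError(f"missing metrics {missing} in {vector!r}")
    try:
        scope = metrics["S"]
        exploitability = (8.22 * AV[metrics["AV"]] * AC[metrics["AC"]]
                          * PR[scope][metrics["PR"]] * UI[metrics["UI"]])
        iss = 1 - ((1 - CIA[metrics["C"]]) * (1 - CIA[metrics["I"]])
                   * (1 - CIA[metrics["A"]]))
    except KeyError as exc:
        raise ValueError(f"unknown metric value {exc} in {vector!r}") from None
    if scope == "U":
        impact = 6.42 * iss
        total = impact + exploitability
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        total = 1.08 * (impact + exploitability)
    if impact <= 0:
        return 0.0
    # v3.0 "round up": smallest one-decimal number >= the value.
    return math.ceil(min(total, 10) * 10) / 10


def cross_check(entries=ADVISORY):
    """List (cve, stated, computed) where the vector and the text disagree."""
    mismatches = []
    for cve, (vector, stated) in sorted(entries.items()):
        computed = base_score(vector)
        if computed != stated:
            mismatches.append((cve, stated, computed))
    return mismatches


if __name__ == "__main__":
    for cve, stated, computed in cross_check():
        print(f"{cve}: text says {stated}, vector computes to {computed}")
```

Run against the values in this bulletin, the check reports CVE-2020-3964
(text 5.9, vector 7.1) and CVE-2020-3971 (text 5.9, vector 6.3); confirm the
figure against VMware's current advisory before using it for prioritisation.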

5. Change Log

2020-06-23 VMSA-2020-0014
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----