-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2021.1489.2
                  Advisory (icsa-21-119-04) Multiple RTOS
                              18 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Real-time Operating Systems (RTOS) products
Publisher:         ICS-CERT
Operating System:  Network Appliance
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31572 CVE-2021-31571 CVE-2021-30636
                   CVE-2021-27504 CVE-2021-27502 CVE-2021-27439
                   CVE-2021-27435 CVE-2021-27433 CVE-2021-27431
                   CVE-2021-27429 CVE-2021-27427 CVE-2021-27425
                   CVE-2021-27421 CVE-2021-27419 CVE-2021-27417
                   CVE-2021-27411 CVE-2021-26706 CVE-2021-26461
                   CVE-2021-22684 CVE-2021-22680 CVE-2021-22636
                   CVE-2021-22156 CVE-2021-3420 CVE-2020-35198
                   CVE-2020-28895  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Comment: This advisory references vulnerabilities in products which run on
         multiple platforms. It is recommended that administrators
         running Real-time Operating Systems (RTOS) products check for an
         updated version of the software for their operating system.

Revision History:  August 18 2021: Advisory updated to include newly disclosed
                   details about vulnerable Blackberry QNX-based products.
                   See ACSC alert at: https://www.cyber.gov.au/acsc/view-all-content/alerts/vulnerability-affecting-blackberry-qnx-rtos
                   April  30 2021: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-119-04)

Multiple RTOS (Update C)

Original release date: August 17, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 9.8
  o ATTENTION: Exploitable remotely/low attack complexity
  o Vendors: Multiple
  o Equipment: Multiple
  o Vulnerabilities: Integer Overflow or Wraparound

CISA is aware of a public report, known as "BadAlloc" that details
vulnerabilities found in multiple real-time operating systems (RTOS) and
supporting libraries. CISA is issuing this advisory to provide early notice of
the reported vulnerabilities and identify baseline mitigations for reducing
risks to these and other cybersecurity attacks.

The various open-source products may be implemented in forked repositories.

2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory update titled
ICSA-21-119-04 Multiple RTOS (Update B) that was published May 24, 2021, to the
ICS webpage on us-cert.cisa.gov.

3. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in unexpected
behavior such as a crash or a remote code injection/execution.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

  o Amazon FreeRTOS, Version 10.4.1
  o Apache Nuttx OS, Version 9.1.0
  o ARM CMSIS-RTOS2, versions prior to 2.1.3
  o ARM Mbed OS, Version 6.3.0
  o ARM mbed-ualloc, Version 1.3.0

- --------- Begin Update C Part 1 of 3 ---------

  o BlackBerry QNX SDP Versions 6.5.0 SP1 and earlier
  o BlackBerry QNX OS for Safety Versions 1.0.1 and earlier safety products
    compliant with IEC 61508 and/or ISO 26262
  o BlackBerry QNX OS for Medical Versions 1.1 and earlier safety products
    compliant with IEC 62304
    A full list of affected QNX products and versions is available in
    BlackBerry's public advisory.

- --------- End Update C Part 1 of 3 ---------

  o Cesanta Software Mongoose OS, v2.17.0
  o eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
  o Google Cloud IoT Device SDK, Version 1.0.2
  o Media Tek LinkIt SDK, versions prior to 4.6.1
  o Micrium OS, Versions 5.10.1 and prior
  o Micrium uC/OS: uC/LIB Versions 1.38.xx, Version 1.39.00
  o NXP MCUXpresso SDK, versions prior to 2.8.2
  o NXP MQX, Versions 5.1 and prior
  o Redhat newlib, versions prior to 4.0.0
  o RIOT OS, Version 2020.01.1
  o Samsung Tizen RT RTOS, versions prior 3.0.GBB
  o TencentOS-tiny, Version 3.1.0
  o Texas Instruments CC32XX, versions prior to 4.40.00.07
  o Texas Instruments SimpleLink MSP432E4XX
  o Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
  o Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
  o Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
  o Uclibc-NG, versions prior to 1.0.36
  o Windriver VxWorks, prior to 7.0
  o Zephyr Project RTOS, versions prior to 2.5

4.2 VULNERABILITY OVERVIEW

4.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Media Tek LinkIt SDK versions prior to 4.6.1 are vulnerable to integer overflow
in the memory allocation calls pvPortCalloc (calloc) and pvPortRealloc
(realloc), which can lead to memory corruption on the target device.

CVE-2021-30636 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.2 INTEGER OVERFLOW OR WRAPAROUND CWE-190

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around
in the osRtxMemoryAlloc function (the local malloc equivalent), which can lead
to arbitrary memory allocation, resulting in unexpected behavior such as a
crash or injected code execution.

CVE-2021-27431 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.3 INTEGER OVERFLOW OR WRAPAROUND CWE-190

ARM mbed-ualloc memory library Version 1.3.0 is vulnerable to integer
wrap-around in function mbed_krbs, which can lead to arbitrary memory
allocation, resulting in unexpected behavior such as a crash or a remote code
injection/execution.

CVE-2021-27433 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.4 INTEGER OVERFLOW OR WRAPAROUND CWE-190

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in
malloc_wrapper function, which can lead to arbitrary memory allocation,
resulting in unexpected behavior such as a crash or a remote code injection/
execution.

CVE-2021-27435 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.5 INTEGER OVERFLOW OR WRAPAROUND CWE-190

RIOT OS Version 2020.01.1 is vulnerable to integer wrap-around in its
implementation of the calloc function, which can lead to arbitrary memory
allocation, resulting in unexpected behavior such as a crash or a remote code
injection/execution.

CVE-2021-27427 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.6 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Samsung Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in
the functions _calloc and mm_zalloc. This improper memory assignment can lead
to arbitrary memory allocation, resulting in unexpected behavior such as a
crash.

CVE-2021-22684 has been assigned to this vulnerability. A CVSS v3 base score of
3.2 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:N/UI:N/S:C/
C:N/I:N/A:L ).

4.2.7 INTEGER OVERFLOW OR WRAPAROUND CWE-190

TencentOS-tiny Version 3.1.0 is vulnerable to integer wrap-around in the
function tos_mmheap_alloc due to incorrect calculation of the effective memory
allocation size. This improper memory assignment can lead to arbitrary memory
allocation, resulting in unexpected behavior such as a crash or a remote code
injection/execution.

CVE-2021-27439 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.8 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in
function mm_malloc. This improper memory assignment can lead to arbitrary
memory allocation, resulting in unexpected behavior such as a crash or a remote
code injection/execution.

CVE-2021-27425 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.9 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Apache Nuttx OS Version 9.1.0 is vulnerable to integer wrap-around in functions
malloc, realloc and memalign. This improper memory assignment can lead to
arbitrary memory allocation, resulting in unexpected behavior such as a crash
or a remote code injection/execution.

CVE-2021-26461 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.10 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Wind River VxWorks, several versions prior to 7.0, is vulnerable to weaknesses
found in the following functions: calloc (memLib), mmap/mmap64 (mmanLib),
cacheDmaMalloc (cacheLib) and cacheArchDmaMalloc (cacheArchLib). This improper
memory assignment can lead to arbitrary memory allocation, resulting in
unexpected behavior such as a crash or a remote code injection/execution.

CVE-2020-35198 and CVE-2020-28895 have been assigned to this vulnerability. A
CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ( AV:N
/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L ).

4.2.11 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Amazon FreeRTOS Version 10.4.1 is vulnerable to integer wrap-around in multiple
memory management API functions (MemMang, Queue, StreamBuffer). This unverified
memory assignment can lead to arbitrary memory allocation, resulting in
unexpected behavior such as a crash or a remote code injection/execution.

CVE-2021-31571 and CVE-2021-31572 have been assigned to this vulnerability. A
CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ( AV:N
/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L ).

4.2.12 INTEGER OVERFLOW OR WRAPAROUND CWE-190

eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer
wraparound in function calloc (an implementation of malloc). The unverified
memory assignment can lead to arbitrary memory allocation, resulting in a
heap-based buffer overflow.

CVE-2021-27417 has been assigned to this vulnerability. A CVSS v3 base score of
4.6 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:H/UI:R/S:U/
C:N/I:L/A:H ).

4.2.13 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Redhat newlib versions prior to 4.0.0 are vulnerable to integer wrap-around in
malloc and nano-malloc family routines (memalign, valloc, pvalloc,
nano_memalign, nano_valloc, nano_pvalloc) due to insufficient checking in
memory alignment logic. This insufficient checking can lead to arbitrary memory
allocation, resulting in unexpected behavior such as a crash or a remote code
injection/execution.

CVE-2021-3420 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

4.2.14 INTEGER OVERFLOW OR WRAPAROUND CWE-190

NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow
in the SDK_Malloc function, which could allow access to memory locations
outside the bounds of a specified array, leading to unexpected behavior such as
a segmentation fault when assigning a particular block of memory from the heap
via malloc.

CVE-2021-27421 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.15 INTEGER OVERFLOW OR WRAPAROUND CWE-190

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc,
_lwmem_alloc and _partition functions. This unverified memory assignment can
lead to arbitrary memory allocation, resulting in unexpected behavior such as a
crash or a remote code injection/execution.

CVE-2021-22680 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.16 INTEGER OVERFLOW OR WRAPAROUND CWE-190

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in the
malloc-simple functions. This improper memory assignment can lead to arbitrary
memory allocation, resulting in unexpected behavior such as a crash or a remote
code injection/execution.

CVE-2021-27419 has been assigned to this vulnerability. A CVSS v3 base score of
7.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:L/I:L/A:L ).

4.2.17 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on
extremely large values. This can trigger an integer overflow vulnerability in
'HeapTrack_alloc' and result in code execution.

CVE-2021-27429 has been assigned to this vulnerability. A CVSS v3 base score of
7.4 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

4.2.18 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on
extremely large values, which can trigger an integer overflow vulnerability in
'malloc' and result in code execution.

CVE-2021-22636 has been assigned to this vulnerability. A CVSS v3 base score of
7.4 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

4.2.19 INTEGER OVERFLOW OR WRAPAROUND CWE-190

On Texas Instruments devices running FreeRTOS, malloc returns a valid pointer
to a small buffer on extremely large values, which can trigger an integer
overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.

CVE-2021-27504 has been assigned to this vulnerability. A CVSS v3 base score of
7.4 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

4.2.20 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Texas Instruments TI-RTOS, when configured to use the HeapMem heap (default),
malloc returns a valid pointer to a small buffer on extremely large values,
which can trigger an integer overflow vulnerability in
'HeapMem_allocUnprotected' and result in code execution.

CVE-2021-27502 has been assigned to this vulnerability. A CVSS v3 base score of
7.4 has been calculated; the CVSS vector string is ( AV:L/AC:H/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

4.2.21 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Google Cloud IoT Device SDK Version 1.0.2 is vulnerable to heap overflow due to
integer overflow in its implementation of calloc, which can lead to arbitrary
memory allocation, resulting in unexpected behavior such as a crash or code
execution.

Google PSIRT will assign a CVE. CVSS score will be calculated when a CVE has
been assigned.

4.2.22 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in
functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This
unverified memory assignment can lead to arbitrary memory allocation, resulting
in unexpected behavior such as very small blocks of memory being allocated
instead of very large ones.

CVE-2021-27411 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:N/I:L/A:L ).

4.2.23 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00 are vulnerable to integer
wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and
Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory
allocation, resulting in unexpected behavior such as very small blocks of
memory being allocated instead of very large ones.

CVE-2021-26706 has been assigned to this vulnerability. A CVSS v3 base score of
6.5 has been calculated; the CVSS vector string is ( AV:N/AC:H/PR:N/UI:N/S:U/
C:N/I:L/A:H ).

4.2.24 INTEGER OVERFLOW OR WRAPAROUND CWE-190

Zephyr Project RTOS versions prior to 2.5 are vulnerable to integer wrap-around
in the sys_mem_pool_alloc function, which can lead to arbitrary memory
allocation, resulting in unexpected behavior such as a crash or code execution.

CVE-2020-13603 has been assigned to this vulnerability. A CVSS v3 base score of
6.9 has been calculated; the CVSS vector string is ( AV:P/AC:H/PR:L/UI:R/S:C/
C:H/I:H/A:H ).

- --------- Begin Update C Part 2 of 3 ---------

4.2.25 INTEGER OVERFLOW OR WRAPAROUND CWE-190

BlackBerry QNX SDP Versions 6.5.0 SP1 and earlier, QNX OS for Safety Versions
1.0.1 and earlier, QNX OS for Medical Versions 1.1, and other products are
vulnerable to integer wrap-around in the calloc() C runtime function, which
can lead to arbitrary memory allocation, resulting in unexpected behavior such
as a crash or injected code execution.

CVE-2021-22156 has been assigned to this vulnerability. A CVSS v3 base score of
9.0 has been calculated; the CVSS vector string is ( AV:N/AC:H/PR:N/UI:N/S:C/
C:H/I:H/A:H ).

- --------- End Update C Part 2 of 3 ---------
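The entries above all describe one CWE-190 pattern: an allocator computes the
request size in unsigned arithmetic (element count times element size in the
calloc-style cases, or size plus alignment padding in the memalign-style cases
such as 4.2.13) and the result wraps to a small number, so a huge request is
satisfied with a tiny block. The following C program is an added illustration
written for this bulletin; it is not code from CISA, AusCERT or any of the
vendors listed. It pairs a naive size computation with a checked one over a
constructed 256-byte bump allocator (names such as toy_calloc_naive and
wrapping_nmemb are invented for the example) so the difference can be observed
directly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the CWE-190 allocator pattern in this advisory.
 * No vendor code is reproduced; the toy heap below stands in for an RTOS heap. */

/* Naive element-count * element-size computation (the weak form). */
size_t naive_calloc_size(size_t nmemb, size_t size) {
    return nmemb * size;                      /* wraps modulo SIZE_MAX + 1 */
}

/* Hardened form: refuse any product that would not fit in size_t. */
bool checked_calloc_size(size_t nmemb, size_t size, size_t *out) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return false;                         /* nmemb * size would wrap */
    *out = nmemb * size;
    return true;
}

/* Naive "round up to alignment" as used in memalign-style paths. */
size_t naive_align_up(size_t size, size_t align) {
    return (size + align - 1) & ~(align - 1); /* size + align - 1 can wrap */
}

/* Hardened form: require a power-of-two alignment and check the addition. */
bool checked_align_up(size_t size, size_t align, size_t *out) {
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                         /* not a power of two */
    if (size > SIZE_MAX - (align - 1))
        return false;                         /* rounding would wrap */
    *out = (size + align - 1) & ~(align - 1);
    return true;
}

/* Tiny bump allocator over a fixed arena (constructed for this example).
 * Blocks are 16-byte aligned and zero-filled, like calloc. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

void arena_reset(void) { arena_used = 0; }

static void *arena_take(size_t bytes) {
    size_t rounded;
    if (!checked_align_up(bytes, 16, &rounded)) return NULL;
    if (rounded > ARENA_SIZE - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += rounded;
    memset(p, 0, rounded);
    return p;
}

/* calloc with the weak size computation: a wrapped request "succeeds". */
void *toy_calloc_naive(size_t nmemb, size_t size) {
    return arena_take(naive_calloc_size(nmemb, size));
}

/* calloc with the overflow check: the same request is rejected. */
void *toy_calloc_checked(size_t nmemb, size_t size) {
    size_t bytes;
    if (!checked_calloc_size(nmemb, size, &bytes)) return NULL;
    return arena_take(bytes);
}

/* An element count whose product with 2 wraps to 16 on any size_t width:
 * nmemb = 2^(N-1) + 8, size = 2  ->  2^N + 16 == 16 (mod 2^N). */
size_t wrapping_nmemb(void) { return (SIZE_MAX >> 1) + 9; }

int main(void) {
    arena_reset();
    size_t n = wrapping_nmemb();
    size_t r;
    printf("naive size   : %zu bytes for %zu elements of 2 bytes\n",
           naive_calloc_size(n, 2), n);
    printf("naive calloc : %s\n",
           toy_calloc_naive(n, 2) ? "returned a 16-byte block" : "NULL");
    printf("checked      : %s\n",
           toy_calloc_checked(n, 2) ? "returned a block" : "NULL (rejected)");
    printf("naive align  : %zu for SIZE_MAX - 3\n",
           naive_align_up(SIZE_MAX - 3, 16));
    printf("checked align: %s\n",
           checked_align_up(SIZE_MAX - 3, 16, &r) ? "ok" : "rejected");
    return 0;
}
```

The checks mirror what the vendor fixes listed under section 5 have to add:
a division-based bound on the multiplication (or a compiler builtin such as
__builtin_mul_overflow where available) before any heap bookkeeping runs, and
a bound on the padding addition in every alignment path, not only in the
primary malloc entry point.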

4.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Multiple
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Multiple

4.4 RESEARCHER

David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the
Azure Defender for IoT research group reported these vulnerabilities to CISA.

5. MITIGATIONS

  o Amazon FreeRTOS - Update available
  o Apache Nuttx OS Version 9.1.0 - Update available
  o ARM CMSIS-RTOS2 - Update in progress, expected in June
  o ARM Mbed OS - Update available
  o ARM mbed-ualloc - no longer supported and no fix will be issued

- --------- Begin Update C Part 3 of 3 ---------

  o Blackberry QNX 6.5.0SP1 - Update available. See public advisory
  o Blackberry QNX OS for Safety 1.0.2 - Update available. See public advisory
  o Blackberry QNX OS for Medical 1.1.1 - Update available. See public
    advisory

- --------- End Update C Part 3 of 3 ---------

  o Cesanta Software Mongoose OS - Update available
  o eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer - Update
    available
  o Google Cloud IoT Device SDK - Update available
  o Media Tek LinkIt SDK - MediaTek will provide the update to users. No fix
    for free version, as it is not intended for production use.
  o Micrium OS: Update to v5.10.2 or later - Update available
  o Micrium uCOS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 - Update
    available
  o NXP MCUXpresso SDK - Update to 2.9.0 or later
  o NXP MQX - update to 5.1 or newer
  o Redhat newlib - Update available
  o RIOT OS - Update available
  o Samsung Tizen RT RTOS - Update available
  o TencentOS-tiny - Update available
  o Texas Instruments CC32XX - Update to v4.40.00.07
  o Texas Instruments SimpleLink CC13X0 - Update to v4.10.03
  o Texas Instruments SimpleLink CC13X2-CC26X2 - Update to v4.40.00
  o Texas Instruments SimpleLink CC2640R2 - Update to v4.40.00
  o Texas Instruments SimpleLink MSP432E4 - Confirmed. No update currently
    planned
  o uClibc-ng - Update available
  o Windriver VxWorks - Update in progress
  o Zephyr Project: Update to 2.5 or later. Patches available for prior
    supported versions. See the Zephyr security advisory for more information.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

  o Apply available vendor updates.
  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----