copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

AL-2007.0085 -- [Win][UNIX/Linux][Mac] -- Multiple vulnerabilities in Symantec products

Date: 17 July 2007

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2007.0085 -- AUSCERT ALERT
                          [Win][UNIX/Linux][Mac]
               Multiple vulnerabilities in Symantec products
                               17 July 2007

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              Symantec Mail Security	
                      Symantec AntiVirus
                      Symantec Scan Engine
                      Symantec Client Security	
                      Symantec Web Security
                      Symantec Gateway Security
                      Symantec Brightmail
                      Symantec AntiSpam
                      Norton AntiVirus
                      Norton Internet Security
                      Norton SystemWorks
                      Norton Personal Firewall
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Mac OS
                      Windows
Impact:               Administrator Compromise
                      Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2007-3771 CVE-2007-0447

Original Bulletin:
http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
http://www.symantec.com/avcenter/security/Content/2007.07.11c.html
http://www.symantec.com/avcenter/security/Content/2007.07.11b.html

Comment: There are three Symantec bulletins contained in this alert, each
         for a separate vulnerability in various Symantec products.
         
         The first of these (SYM07-019) could allow the remote execution of
         arbitrary code if a malicious CAB file is scanned manually or
         automatically.

Revision History:     July 17 2007: Corrected CVE numbers
                      July 16 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SYM07-019
July 11, 2007
Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass

Revision History
Removed invalid CVE information
Added missing product information

Risk Impact
High

Remote Access              Yes
Local Access               No
Authentication Required    No
Exploit publicly available No

Overview
Two vulnerabilities have been identified in the Symantec Decomposer
component used to decompose some types of archive content while
scanning for malicious content.

Affected Enterprise Products 

Product				Version			Builds		Update To
Symantec Mail Security		8200			All		5.0.0.24
Symantec Mail Security for
Microsoft Exchange 		4.6.3 and earlier	All		4.6.8.120
				5.0.0.204		All		5.0.6.368
				6.0.0			All		6.0.0.1 or later
Symantec Mail Security for
Domino NT			4.1.4 and earlier	All		4.1.9.37
				5.0.0.47 		All 		5.1.4.32
Symantec AntiVirus/
Filtering for Domino
MPE(AIX, Linux, Solaris)	3.0.12 and earlier	All		3.2.2.27 /-
Symantec Scan Engine 		5.0.1 and earlier 	All 		5.1.4.24
Symantec AntiVirus Scan 
Engine 				4.1.8 and earlier 	All 		4.3.18.43
				4.3.12 and earlier 	All 		4.3.17 or later
Symantec AntiVirus Scan
Engine for MS ISA 		4.3.12 and earlier 	All   		4.3.17 or later
Symantec AntiVirus Scan
Engine for MS Sharepoint 	4.3.12 and earlier	All 		4.3.17 or later
Symantec AntiVirus Scan
Engine for Messaging 		4.3.12 and earlier 	All		4.3.17 or later
Symantec AntiVirus for
Network Attached Storage 	4.3.12 and earlier 	All		4.3.17 or later
Symantec AntiVirus Scan 
Engine for Clearswift 		4.3.12 and earlier 	All		4.3.17 or later
Symantec AntiVirus Scan 
Engine for Caching 		4.3.12 and earlier 	All		4.3.17 or later
Symantec Client Security	3.0 			All 		Update to SCS 3.1
				3.X 			All 		SCS 3.1 MR6 (build 3.1.6.6000)
				2.X 			All 		SCS 2.0 MR6-MP1
									(build 2.0.6.1100)/-/-
Symantec Web Security 		3.0.1.76 and earlier 	All 		3.0.1.85
Symantec Gateway Security
5000 Series 			3.0.1 			All 		Update F or later
Symantec Gateway Security 	
5400 Series 			2.0.1 			All		Upgrade to 3.0.1
Symantec Brightmail
AntiSpam 			6.0.x 			All 		6.05
				5.5 			All		6.05
				4.x 			All		6.05
Symantec AntiVirus 
Corporate Edition 		10.1 			SAV 10.1.5.5000 SAV 10.1 MR6 
							and earlier	(build 10.1.6.6000)/-/-
				10.0 			All 		Upgrade to SAV 10.1 MR6
									(build 10.1.6.6000)/-/-
				9.0 			SAV 9.0.6.1000 	SAV 9.0 MR6-MP1 
							and earlier 	(build 9.0.6.1100)
Symantec AntiVirus 
Corperate Edition 
for Linux
Symantec AntiVirus for 
Macintosh 			10.X 			All 		Update to any definition after 10/1/2006
Symantec Web Security for
Microsoft ISA 2004 		5.0 			All 		5.0.3
Symantec Mail Security 
for SMTP 			5.0.0 Solaris 		All 		Patch 175
				5.0.0 Linux 		All 		Patch 175
				5.0.0 Windows 		All 		Patch 176
				5.0.1 			All 		Patch 181

/- Symantec AntiVirus/Filtering for Domino MPE is no longer supported.
Customers are encouraged to upgrade to Symantec Mail Security for
Domino MPE

/-/- Customers using the SAV CE Linux client should upgrade to version
1.0.2-75. This build is available by downloading the latest SAV CE
10.X or SCS 3.X build from FileConnect."

Affected Consumer Products 

Product				Version 		Builds 	Update To
Norton AntiVirus 		2006 			All 	Run LiveUpdate in Interactive Mode
				2005 			All 	Run LiveUpdate in Interactive Mode
				2004 			All 	Run LiveUpdate in Interactive Mode
Norton Internet Security 	2006 			All 	Run LiveUpdate in Interactive Mode
				2005.5 AntiSpyware
				Edition 		All 	Run LiveUpdate in Interactive Mode
				2005 			All 	Run LiveUpdate in Interactive Mode
				2004 			All 	Run LiveUpdate in Interactive Mode
Norton SystemWorks 		2006 			All 	Run LiveUpdate in Interactive Mode
				2005 			All 	Run LiveUpdate in Interactive Mode
				2004 			All 	Run LiveUpdate in Interactive Mode
Norton Personal Firewall 	2006 			All 	Run LiveUpdate in Interactive Mode
Norton AntiVirus for 
Macintosh 			10.X 			All 	Update to any definition after 10/1/2006
				9.X 			All
Norton Internet Security
for Macintosh 			3.X 			All 	Update to any definition after 10/1/2006
Norton SystemWorks for 
Macintosh 			3.X 			All 	Update to any definition after 10/1/2006

Products Not Affected:

Product                                              Version Builds
Symantec AntiVirus for HandHelds - Corporate Edition   All    All
Symantec AntiVirus for Handhelds                       All    All
Symantec Client Security for Nokia                     All    All
Symantec Enterprise Firewall                           8.0    All
Symantec Clientless VPN Gateway 4400 Series            5.0    All
Symantec Firewall / VPN Appliance                    100/200  All
Symantec Gateway Security 300/400 Series               2.0    All
Norton AntiVirus for Macintosh                         7.X    All
Norton AntiVirus for Macintosh                         8.X    All
Norton Internet Security for Macintosh                 2.X    All
Norton SystemWorks for Macintosh                       2.X    All
Norton360                                              All    All
Symantec AntiVirus Corporate Edition                  10.2    All
Norton AntiVirus                                      2007    All
Norton Internet Security                              2007    All
Norton System works                                   2007    All

Details
The first vulnerability is related to the decomposition of RAR files.
Modifying the RAR file header in a specific way, causes the decomposer
to enter an infinite loop causing a Denial of Service.

The second vulnerability is related to the decomposition of CAB files.
The Symantec Decomposer fails to perform proper bounds checks when
copying from the CAB archive. This may result in the possibility of
arbitary code execution on the vulnerable system.

NOTE:
 1. Only currently supported Symantec Products will be updated.
    Customers using unsupported versions are encouraged to upgrade to
    a supported version.

Symantec response
Symantec engineers have verified and corrected these issues in all
currently supported products. Updates are available for supported
products. Symantec recommends customers apply the latest product
update available for their supported product versions to enhance their
security posture and protect against potential security threats of
this nature.
Product updates will be available from the Symantec support site:
http://www.symantec.com/techsupp/ or via LiveUpdate when
available.
Symantec Norton product users who regularly launch and run LiveUpdate
should already have received an updated (non-vulnerable) version of
(product/component). However, to ensure all available updates have
been applied, users can manually launch and run LiveUpdate in
Interactive mode as follows:
  * Open any installed Norton product
  * Click on LiveUpdate in the GUI

To perform a manual update using Symantec LiveUpdate, users should:
  * Open any installed Symantec product
  * Click on LiveUpdate in the toolbar
  * Run LiveUpdate until all available Symantec product updates are
    downloaded and installed

To date, Symantec is not aware of any exploits for these issues.

Best Practices
As part of normal best practices, Symantec strongly recommends:
  * Restrict access to administration or management systems to
    privileged users.
  * Restrict remote access, if required, to trusted/authorized systems
    only.
  * Run under the principle of least privilege where possible to limit
    the impact of exploit by threats such as this.
  * Keep all operating systems and applications updated with the
    latest vendor patches.
  * Follow a multi-layered approach to security. Run both firewall and
    antivirus applications, at a minimum, to provide multiple points
    of detection and protection to both inbound and outbound threats.
  * Deploy network intrusion detection systems to monitor network
    traffic for signs of anomalous or suspicious activity. This may
    aid in detection of attacks or malicious activity related to
    exploitation of latent vulnerabilities

Credit
Symantec would like to thank 3COM, and the Zero Day Initiative for
reporting these issues and providing full coordination while Symantec
resolved them.
     ___________________________________________________________

Symantec takes the security and proper functionality of its products
very seriously. As founding members of the Organization for Internet
Safety (OISafety), Symantec follows the principles of responsible
disclosure. Symantec also subscribes to the vulnerability guidelines
outlined by the National Infrastructure Advisory Council (NIAC).
Please contact secure@symantec.com if you feel you have discovered
a potential or actual security issue with a Symantec product. A
Symantec Product Security team member will contact you regarding your
submission.

Symantec has developed a Product Vulnerability Handling Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products. We support responsible disclosure of
all vulnerability information in a timely manner to protect Symantec
customers and the security of the Internet as a result of
vulnerability. This document is available from the location provided
below.

Symantec strongly recommends using encrypted email for reporting
vulnerability information to secure@symantec.com. The Symantec
Product Security PGP key can be obtained from the location provided
below.
Symantec-Product-Vulnerability-Response Symantec Vulnerability
Response Policy Symantec Product Vulnerability Management PGP Key
Symantec Product Vulnerability Management PGP Key
  _________________________________________________________________

Copyright (c) 2007 by Symantec Corp.
Permission to redistribute this alert electronically is granted as
long as it is not edited in any way unless authorized by Symantec
Security Response. Reprinting the whole or part of this alert in any
medium other than electronically requires permission from
secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time
of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and
secure@symantec.com are registered trademarks of Symantec Corp.
and/or affiliated companies in the United States and other countries.
All other registered and unregistered trademarks represented in this
document are the sole property of their respective companies/owners.
Initial Post on: Wednesday, 11-Jul-07 7:00:00
Last modified on: Thursday, 12-Jul-07 12:45:49

========================================================================

SYM07-017
11 July, 2007
Symantec AntiVirus Corporate Edition Local Elevation of Privilege

Revision History
None

Risk Impact
Medium

Remote Access           No
Local Access            Yes
Authentication Required Yes
Exploit available       No

Overview
A notification window displayed by Symantecs Real-Time protection
service could be exploited by a local user to gain elevated privileges
on the local system.

Affected Products

Product 			Affected Version* 	Solution
Symantec AntiVirus 
Corporate Edition 		9.0 			SAV 9.0.6 MR6 MP1- build 1100 or later
http://www.symantec.com/enterprise/support/all_products.jsp 
				10.0			10.1.4 MR4 MP1- build 4010 or later
http://www.symantec.com/enterprise/support/all_products.jsp 
				10.1			10.1.4 MR4 MP1- build 4010 or later
http://www.symantec.com/enterprise/support/all_products.jsp 
Symantec Client Security 	2.0 			SCS 2.0.6 MR6 MP1 - build 1100 or later
http://www.symantec.com/enterprise/support/all_products.jsp
				3.0 			SCS 3.1.4 MR4 MP1 - build 4010 or later
http://www.symantec.com/enterprise/support/all_products.jsp
				3.1			SCS 3.1.4 MR4 MP1 - build 4010 or later
http://www.symantec.com/enterprise/support/all_products.jsp

Note: *All versions and builds prior to the version listed under
Solution are affected.
Symantec AntiVirus Corporate Edition 10.0 (SAV CE) users can obtain
this update by migrating to SAV CE 10.1MR4 MP1 or later. Symantec
Client Security (SCS) 3.0 users can obtain the update by migrating to
SCS 3.1 MR4 MP1 or later. Symantec Platinum Support customers can also
download updates from the Platinum Web site.

Unaffected Products

Product                                  Version
Norton Product line                        All
Symantec AntiVirus Corporate Edition 10.2, all builds
Symantec AntiVirus for Linux               All

Details
The Real-Time scanner (RTVScan) component of Symantec Antivirus
Corporate Edition provides notification and logging services for the
product. One function of RTVScan is to display a notification window
with information about a threat found on the system, if the program is
configured to use that option. Ali Rahbar notified Symantec that an
unprivileged user could potentially attack this window with specially
crafted code, and gain SYSTEM level privileges on their local system.
The user could then run code of their choice on their local system.

Symantec response
Symantec engineers have verified that the issue exists in the versions
of Symantec AntiVirus Corporate Edition listed in the table above. Our
investigation showed that the potential attack is limited to the local
user, and that the elevation of privilege is limited to the users own
system.
Symantec is not aware of any customers impacted by this issue, or of
any attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied
patches for all application software and operating systems up-to-date.
Symantec recommends any affected customers update their product
immediately to protect against potential attempts to exploit this
issue.

Mitigation
In a managed environment, administrators can disable Notification
Message (alert) window, and lock the notification option to prevent
users from re-enabling the Notification Message window.

Best Practice
Symantec recommends any affected customers update their product to
protect against potential attempts to exploit this issue. As part of
normal best practices, Symantec recommends the following:
  * Run under the principle of least privilege to limit the impact of
    exploits.
  * Keep all operating systems and applications updated with the
    latest vendor patches.
  * Follow a multi-layered approach to security. Run both firewall and
    antivirus software to provide multiple points of detection and
    protection from inbound and outbound threats.
  * Use network intrusion detection systems to monitor network traffic
    for signs of anomalous activity. This may aid in detection of
    attacks related to exploitation of vulnerabilities.

Credit
Symantec would like to thank Ali Rahbar of Sysdream
(http://www.sysdream.com) for reporting this issue.

References
This issue is a candidate for inclusion in the Common Vulnerabilities
and Exposures (CVE) list (http://cve.mitre.org), which
standardizes names for security problems. A CVE identifier has been
requested for this vulnerability.
SecurityFocus (http://www.securityfocus.com) has assigned Bugtraq
ID (BID) 24810 to this issue.
     ___________________________________________________________

Symantec takes the security and proper functionality of its products
very seriously. As founding members of the Organization for Internet
Safety (OISafety), Symantec follows the principles of responsible
disclosure. Symantec also subscribes to the vulnerability guidelines
outlined by the National Infrastructure Advisory Council (NIAC).
Please contact secure@symantec.com if you feel you have discovered
a potential or actual security issue with a Symantec product. A
Symantec Product Security team member will contact you regarding your
submission.

Symantec has developed a Product Vulnerability Handling Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products. We support responsible disclosure of
all vulnerability information in a timely manner to protect Symantec
customers and the security of the Internet as a result of
vulnerability. This document is available from the location provided
below.

Symantec strongly recommends using encrypted email for reporting
vulnerability information to secure@symantec.com. The Symantec
Product Security PGP key can be obtained from the location provided
below.
Symantec-Product-Vulnerability-Response Symantec Vulnerability
Response Policy Symantec Product Vulnerability Management PGP Key
Symantec Product Vulnerability Management PGP Key
  _________________________________________________________________

Copyright (c) 2007 by Symantec Corp.
Permission to redistribute this alert electronically is granted as
long as it is not edited in any way unless authorized by Symantec
Security Response. Reprinting the whole or part of this alert in any
medium other than electronically requires permission from
secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time
of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and
secure@symantec.com are registered trademarks of Symantec Corp.
and/or affiliated companies in the United States and other countries.
All other registered and unregistered trademarks represented in this
document are the sole property of their respective companies/owners.
Initial Post on: Tuesday, 26-Jun-07 12:00:00
Last modified on: Friday, 13-Jul-07 16:16:02

=========================================================================

SYM07-016
July 11, 2007
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow

Revision History
None

Severity
Low

Remote Access              No
Local Access               Yes
Authentication Required    Yes
Exploit publicly available No

Overview
A stack overflow in Symantec Anti-Virus Corporate Editions Internet
Email Auto-Protect feature could potentially crash the Internet Email
scanning feature.

Affected Products 

Product 			Version 		Solution
Symantec AntiVirus 		9.x, all builds 	SAV 9 MR6
Corporate Edition 		prior to the solution	(SAV 9.0.6.1000) or later
https://fileconnect.symantec.com/
				10.0, all builds	Upgrade to version 10.1 or later
https://fileconnect.symantec.com/
Symantec Client Security	2.0.x, all builds	Symantec Client Security
				prior to the solution	2.0.6 MR6 (build 1000-31) or later
https://fileconnect.symantec.com/
				3.0.x, all builds 	Upgrade to SCS 3.1 or later
https://fileconnect.symantec.com/

NOTE: Platinum Support and Premium Support customers can also download
the updates from the Platinum Support Web site.

Unaffected Products

Product                              Version Build
Symantec AntiVirus Corporate Edition  10.1   all
                                      10.2   all
Symantec Client Security              3.1    all
Symantec Antivirus for Linux          all    all
Norton AntiVirus                      all    all
Norton Internet Security              all    all

Details
Symantec AntiVirus Corporate Editions Internet E-mail Auto-Protect
feature protects incoming and outgoing email messages that use the
POP3 or SMTP communications protocol. When Internet E-mail
Auto-Protect is enabled, an outgoing email with more than 951
characters in the To:, From: or Subject: fields could cause a stack
overflow. The stack overflow could crash the Internet E-mail real-time
protection service, resulting in a local denial of service. Subsequent
outgoing SMTP email messages will not be scanned if the service has
crashed.
File system Auto-Protect (real-time scanning), scheduled scanning, and
on-demand scanning are not affected if the Internet E-mail scanning
services has stopped, and these features will continue to function.
This issue was reported to Symantec by Jordi Corrales.

Symantec response
Symantec engineers have confirmed that this vulnerability exists in
the products listed above, and have provided updates to resolve the
issue.
This vulnerability exists only in the Internet E-mail Auto-Protect
feature, and it can be exploited only if the feature is enabled on the
users system. The Lotus Notes and Microsoft Exchange Auto-Protect
plug-ins are not impacted by this vulnerability.
Symantec is not aware of any customers impacted by this issue, or of
any attempts to exploit the issue.

Mitigation
Disable Internet E-Mail Auto-Protect, if the feature is not needed.
Administrators can lock this option to ensure that users cannot
accidentally re-enable it.

Best Practices
Symantec recommends any affected customers update their product
immediately to protect against potential attempts to exploit this
vulnerability. As part of normal best practices, Symantec recommends
the following:
  * Run under the principle of least privilege to limit the impact of
    exploits.
  * Keep all operating systems and applications updated with the
    latest vendor patches.
  * Follow a multi-layered approach to security. Run both firewall and
    antivirus software to provide multiple points of detection and
    protection from inbound and outbound threats.
  * Use network intrusion detection systems to monitor network traffic
    for signs of anomalous activity. This may aid in detection of
    attacks related to exploitation of vulnerabilities.

Credit
Symantec would like to thank Jordi Corrales for reporting this issue.

References
This issue is a candidate for inclusion in the Common Vulnerabilities
and Exposures (CVE) list (http://cve.mitre.org), which
standardizes names for security problems. The CVE initiative has
assigned CVE-2006-3456 to this issue
SecurityFocus (http://www.securityfocus.com) has assigned Bugtraq
ID (BID) 24802 to this issue.
     ___________________________________________________________

Symantec takes the security and proper functionality of its products
very seriously. As founding members of the Organization for Internet
Safety (OISafety), Symantec follows the principles of responsible
disclosure. Symantec also subscribes to the vulnerability guidelines
outlined by the National Infrastructure Advisory Council (NIAC).
Please contact secure@symantec.com if you feel you have discovered
a potential or actual security issue with a Symantec product. A
Symantec Product Security team member will contact you regarding your
submission.

Symantec has developed a Product Vulnerability Handling Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products. We support responsible disclosure of
all vulnerability information in a timely manner to protect Symantec
customers and the security of the Internet as a result of
vulnerability. This document is available from the location provided
below.

Symantec strongly recommends using encrypted email for reporting
vulnerability information to secure@symantec.com. The Symantec
Product Security PGP key can be obtained from the location provided
below.
Symantec-Product-Vulnerability-Response Symantec Vulnerability
Response Policy Symantec Product Vulnerability Management PGP Key
Symantec Product Vulnerability Management PGP Key
  _________________________________________________________________

Copyright (c) 2007 by Symantec Corp.
Permission to redistribute this alert electronically is granted as
long as it is not edited in any way unless authorized by Symantec
Security Response. Reprinting the whole or part of this alert in any
medium other than electronically requires permission from
secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time
of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and
secure@symantec.com are registered trademarks of Symantec Corp.
and/or affiliated companies in the United States and other countries.
All other registered and unregistered trademarks represented in this
document are the sole property of their respective companies/owners.
Initial Post on: Wednesday, 11-Jul-07 8:00:00
Last modified on: Wednesday, 11-Jul-07 15:41:05

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRpxqzCh9+71yA2DNAQJ+wwP/bJnU3miICRANkup/4i9W9nAaflc2zIF5
8UnZ5+lS/hYFyoLBfMNdSpVCE+TsNEmQKUN+7AHgsKVv15rpI2HuM7ovy5qtOwde
nv7JmiLNhqS6OW5yxnrCy3TSBS6egS+OXgZICI2Ywtyf5K7HOhTiBK2pC5syDljv
ir8hxdDIwHY=
=nYbL
-----END PGP SIGNATURE-----