From: Network Computing and The SANS Institute (sans+ZZ70826080882566493sans.org)
Date: Thu Jun 21 2001 - 15:20:33 CDT

    To: Security Express (SD397643)
    Re: Your personalized newsletter

                          -- Security Alert Consensus --
                                Number 102 (01.25)
                             Thursday, June 21, 2001
                               Created for you by
                   Network Computing and the SANS Institute
                              Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to SANS' distribution of the Security Alert Consensus.

    ----------------------------------------------------------------------

    Is your network's security keeping you up at night? Keeping your
    network secure can be an around-the-clock job for you and your team.
    Don't lose sleep over it, managed security services can put your
    problems to rest. Learn how OneSecure can help you get some sleep.
    http://www.onesecure.com/news1

    ----------------------------------------------------------------------

    Another large Microsoft Windows IIS vulnerability was released this
    week. It involves a buffer overflow in the handling of particular Index
    Server-related Web requests. Those of you running IIS 4.0 or 5.0 should
    take a look at MS01-033 (reported in this issue as item {01.25.005}).

    In other general security news, there has been a lot of discussion about
    a new type of Web browser 'attack' nicknamed CSRF, or Cross-Site Request
    Forgeries, which are similar in concept to Cross-Site Scripting.
    Basically, it's possible for a malicious Web site or e-mail to embed
    URLs that will be automatically navigated by the user's browser. This
    could cause many unwanted side effects. Read all the details at:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0170.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0196.html

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.25.001} Win - Administrative access vulnerabilities in Trend Micro
                InterScan VirusWall
    {01.25.003} Win - MS01-032: SQL query method enables cached
                administrator connection to be reused
    {01.25.004} Win - Update {01.24.002}: MS01-030: Exchange OWA script
                execution
    {01.25.005} Win - MS01-033: Index Server ISAPI extension buffer overflow
    {01.25.029} Win - Cisco TFTP server file retrieval
    {01.25.031} Win - Multiple vulnerabilities in AMLServer
    {01.25.035} Win - SurgeFTP server file retrieval
    {01.25.036} Win - Rumpus FTP server second long directory name DoS
    {01.25.006} Linux - LPRng fails to drop supplemental group privs
    {01.25.007} Linux - mandb regains privileges too early
    {01.25.010} Linux - Update: {01.24.008}: xinetd umask may cause world
                writable files
    {01.25.011} Linux - Update {00.45.037}: Multiple tcpdump buffer
                overflows
    {01.25.014} Linux - BestCrypt unmount path overflow
    {01.25.016} Linux - Update {01.24.014}: exim remote printf format attack
    {01.25.017} Linux - rxvt command line buffer overflow
    {01.25.019} Linux - sysklogd crashes when receiving null byte
    {01.25.020} Linux - Update {01.24.020}: Potential buffer overflow in
                xinetd svc_logprint function
    {01.25.022} Linux - Update {01.23.002}: gpg file name format string
                vulnerability
    {01.25.023} Linux - Update {01.21.003}: Apache 1.3.20 available
    {01.25.002} BSD - PT_DETACH/ptrace kernel vulnerabilities
    {01.25.008} AIX - rsh command line argument buffer overflow
    {01.25.024} SCO - atcronsh TERM env variable overflow
    {01.25.025} SCO - auditsh TERM env variable overflow
    {01.25.026} SCO - termsh TERM env variable overflow
    {01.25.034} SCO - Tarantella ttaWebtop.cgi file disclosure via 'pg'
                parameter
    {01.25.015} NApps - Cisco NRP2 allows telnet without password
    {01.25.009} Cross - Webstore CGI authentication bypass/command execution
    {01.25.012} Cross - MDBMS '\s' console command overflow
    {01.25.013} Cross - ScreamingMedia SITEWare file retrieval
    {01.25.018} Cross - fetchmail large header buffer overflow
    {01.25.027} Cross - Update {01.24.021}: Scotty ntping host name buffer
                overflow
    {01.25.028} Cross - GazTek HTTP server buffer overflow
    {01.25.030} Cross - DCScripts.com DCShop sensitive data retrieval
    {01.25.032} Cross - Uburst.com udirectory CGI command execution via
                category_file parameter
    {01.25.033} Cross - pmpost PCP_LOG_DIR env variable symlink attack

    - --- Windows News -------------------------------------------------------

    *** {01.25.001} Win - Administrative access vulnerabilities in Trend
                    Micro InterScan VirusWall

    Two vulnerabilities have been found in versions 3.51 and 3.51J of Trend
    Micro's InterScan VirusWall: A remote attacker can bypass administrative
    authentication; and two buffer overflows in the handling of
    configuration options could allow a remote attacker (who gains
    administrative access via the above bug) to execute arbitrary code.

    These vulnerabilities are unconfirmed. The suggested workaround is to
    set up access control to allow only trusted hosts access.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0131.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0148.html

    *** {01.25.003} Win - MS01-032: SQL query method enables cached
                    administrator connection to be reused

    Microsoft has released MS01-032 ("SQL query method enables cached
    administrator connection to be reused"). Terminated connections to SQL
    Server remain cached for a short period of time, allowing a query method
    to be fashioned that reuses a cached connection belonging to an
    administrative ('sa') account.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-032.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0053.html

    *** {01.25.004} Win - Update {01.24.002}: MS01-030: Exchange OWA script
                    execution

    On June 12, 2001, Microsoft discovered that the updated Exchange 2000
    patch for MS01-030 contained outdated files. Microsoft has corrected
    the error and provided an updated version of this patch for Exchange
    2000. (Note: This is the third actual patch to be released for MS01-030;
    the first patch contained regression errors.)

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-030.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0054.html

    *** {01.25.005} Win - MS01-033: Index Server ISAPI extension buffer
                    overflow

    Microsoft has released MS01-033 ("Unchecked buffer in Index Server ISAPI
    extension could enable Web server compromise"). The indexing service
    included with IIS 4 and 5 installs ISAPI handlers for .ida and .idq
    files. It's possible for remote attackers to invoke this ISAPI handler
    and cause a buffer overflow, allowing them to execute arbitrary code
    with local system privileges.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

    Source: Microsoft
    http://archives.neohapsis.com/archives/vendor/2001-q2/0059.html

    *** {01.25.029} Win - Cisco TFTP server file retrieval

    Cisco distributes a TFTP server for use in transferring IOS images
    to/from devices. A recent report indicates that version 1.1 of the TFTP
    server allows a remote attacker to request files outside the tftp root
    by using reverse directory traversal ('..') notation.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html

    *** {01.25.031} Win - Multiple vulnerabilities in AMLServer

    Air Messenger LAN Server version 3.4.2 (and possibly prior) contains
    three particular vulnerabilities: A remote attacker could gain access
    to files outside the Web root via '..' notation; user names and
    passwords are stored in plain text; and the location HTTP header reveals
    the full physical path of the Web root.

    The advisory indicates vendor confirmation. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html

    *** {01.25.035} Win - SurgeFTP server file retrieval

    SurgeFTP server version 2.0a contains a vulnerability that allows a
    remote attacker to gain access to files outside the Webroot by using
    '..' notation in various FTP commands.

    The vendor has confirmed the vulnerability and released version 2.0b.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0247.html

    *** {01.25.036} Win - Rumpus FTP server second long directory name DoS

    Rumpus FTP server versions prior to 1.3.6 contain a denial-of-service
    vulnerability whereby a remote attacker can cause the service to crash
    by attempting to run a 'mkdir' FTP command with a long argument.

    The advisory indicates vendor confirmation and release of version 1.3.6.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0155.html

    - --- Linux News ---------------------------------------------------------

    *** {01.25.006} Linux - LPRng fails to drop supplemental group privs

    RedHat reports that LPRng does not correctly drop supplemental group
    permissions when started, resulting in LPRng and its children
    maintaining additional group privileges.

    RedHat has confirmed this vulnerability.

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0120.html

    Source: RedHat
    http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0120.html

    *** {01.25.007} Linux - mandb regains privileges too early

    Debian has released an advisory indicating that the mandb application
    regains privileges too early in execution, which could allow a local
    attacker to leverage a race condition and overwrite files writable by
    the mandb privileges (typically uid 'man').

    Updated Debian DEBs are listed at:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0052.html

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2001-q2/0052.html

    *** {01.25.010} Linux - Update: {01.24.008}: xinetd umask may cause
                    world writable files

    Multiple Linux vendors have released updated xinetd packages that fix
    the vulnerability discussed in {01.24.008} ("xinetd umask may cause
    world writable files").

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0146.html

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0058.html

    Source: Immunix, Conectiva, Debian (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0146.html
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html
    http://archives.neohapsis.com/archives/vendor/2001-q2/0058.html

    *** {01.25.011} Linux - Update {00.45.037}: Multiple tcpdump buffer
                    overflows

    Mandrake has released updated tcpdump packages that fix the
    vulnerability discussed in {00.45.037} ("Multiple tcpdump buffer
    overflows").

    Updated Mandrake RPMs are listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0163.html

    Source: Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0163.html

    *** {01.25.014} Linux - BestCrypt unmount path overflow

    A potential local buffer overflow has been discovered in the 'bctool'
    binary distributed with BestCrypt versions prior to 0.8-2. When
    unmounting an encrypted file system, it is possible to overflow the
    buffer containing the name of the mount-point and execute arbitrary code
    as root.

    The vendor has confirmed this vulnerability and released version 0.8-3.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0168.html

    *** {01.25.016} Linux - Update {01.24.014}: exim remote printf format
                    attack

    Conectiva has released updated exim packages that fix the vulnerability
    discussed in {01.24.014} ("exim remote printf format attack").

    Updated Conectiva RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0012.html

    Source: Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0012.html

    *** {01.25.017} Linux - rxvt command line buffer overflow

    rxvt version 2.6.2 contains a buffer overflow in the handling of various
    command line arguments. Exploitation of the overflow could allow a local
    attacker to execute arbitrary code under 'utmp' privileges.

    Debian has confirmed this vulnerability and released updated DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0057.html

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2001-q2/0057.html

    *** {01.25.019} Linux - sysklogd crashes when receiving null byte

    The sysklogd daemon has been found to terminate if a null byte is
    contained in a kernel log message. Fortunately, the odds of inducing
    this behavior are very low. Regardless, it's still better to fix
    the problem.

    This vulnerability has been confirmed.

    Immunix has released updated RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0179.html

    Source: Immunix (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0179.html

    *** {01.25.020} Linux - Update {01.24.020}: Potential buffer overflow
                    in xinetd svc_logprint function

    Conectiva and Debian have released updated xinetd packages that fix the
    vulnerability discussed in {01.24.020} ("Potential buffer overflow in
    xinetd svc_logprint function").

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0058.html

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html

    Source: Debian, Conectiva
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0014.html
    http://archives.neohapsis.com/archives/vendor/2001-q2/0058.html

    *** {01.25.022} Linux - Update {01.23.002}: gpg file name format string
                    vulnerability

    Debian has released an updated gpg package that fixes the vulnerability
    discussed in {01.23.002} ("gpg file name format string vulnerability").

    Updated DEBs are listed at:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0056.html

    Source: Debian
    http://archives.neohapsis.com/archives/vendor/2001-q2/0056.html

    *** {01.25.023} Linux - Update {01.21.003}: Apache 1.3.20 available

    Trustix has released updated Apache packages that fix a vulnerability
    mentioned in {01.21.003} ("Apache 1.3.20 available").

    Updated Trustix RPMs are listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0180.html

    Source: Trustix
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0180.html

    - --- BSD News -----------------------------------------------------------

    *** {01.25.002} BSD - PT_DETACH/ptrace kernel vulnerabilities

    A kernel flaw in various BSD distros allows a local attacker to ptrace
    a running setuid root process. Another flaw allows the attacker to
    specify an address at which execution is continued via PT_DETACH.

    The problem has been confirmed in OpenBSD 2.8 and 2.9 as well as in
    NetBSD 1.5.

    NetBSD source trees as of June 15, 2001, contain the updated fix.
    OpenBSD has released the following patches:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

    Source: SecurityFocus Bugtraq, NetBSD, OpenBSD
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0167.html
    http://archives.neohapsis.com/archives/netbsd/2001-q2/0105.html
    http://archives.neohapsis.com/archives/openbsd/2001-06/1358.html

    - --- AIX News -----------------------------------------------------------

    *** {01.25.008} AIX - rsh command line argument buffer overflow

    A report has surfaced indicating that the rsh command in AIX version
    4.2.0.0 contains a buffer overflow in the handling of command line
    arguments. A local attacker could use this overflow to execute arbitrary
    code with root privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html

    - --- SCO News -----------------------------------------------------------

    *** {01.25.024} SCO - atcronsh TERM env variable overflow

    The atcronsh application shipped with SCO contains a buffer overflow in
    the handling of the TERM environment variable. This could allow a local
    attacker to execute arbitrary code with gid 'cron' privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Vuln-Dev
    http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0617.html

    *** {01.25.025} SCO - auditsh TERM env variable overflow

    The auditsh application shipped with SCO contains a buffer overflow in
    the handling of the TERM environment variable. This could allow a local
    attacker to execute arbitrary code with gid 'audit' privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Vuln-Dev
    http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0617.html

    *** {01.25.026} SCO - termsh TERM env variable overflow

    The termsh application shipped with SCO contains a buffer overflow in
    the handling of the TERM environment variable. This could allow a local
    attacker to execute arbitrary code with gid 'auth' privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Vuln-Dev
    http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0617.html

    *** {01.25.034} SCO - Tarantella ttaWebtop.cgi file disclosure via 'pg'
                    parameter

    SCO Tarantella versions 3.00 and 3.01 contain a vulnerability in the
    ttaWebtop.cgi CGI application that allows a remote attacker to view
    files readable by the Web server's uid.

    This vulnerability has been confirmed; version 3.10 contains a fix.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0235.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0255.html

    - --- Network Appliances News --------------------------------------------

    *** {01.25.015} NApps - Cisco NRP2 allows telnet without password

    The Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module
    allows an attacker unrestricted access to the telnet service if a password
    has not yet been set.

    Cisco has confirmed this vulnerability and fixed it in IOS versions
    12.1(05)DC01 or later.

    Source: Cisco
    http://archives.neohapsis.com/archives/cisco/2001-q2/0006.html

    - --- Cross-Platform News ------------------------------------------------

    *** {01.25.009} Cross - Webstore CGI authentication bypass/command
                    execution

    CGICentral.net's Webstore CGI application has been found to contain two
    vulnerabilities. A remote attacker could bypass administrative
    authentication and execute arbitrary command line commands under the
    Web server's privileges.

    These vulnerabilities have not been confirmed. No patches have been made
    available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html

    *** {01.25.012} Cross - MDBMS '\s' console command overflow

    The MDBMS SQL Server version 0.99b9 contains a buffer overflow in the
    handling of multiline strings and the '\s' console command.

    The advisory indicates confirmation by the vendor and the release of
    updated MDBMS versions.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0156.html

    *** {01.25.013} Cross - ScreamingMedia SITEWare file retrieval

    A vulnerability exists with ScreamingMedia's SITEWare Editor's Desktop
    versions prior to 3.1.1 and 2.5.1. This allows a remote attacker to view
    files readable by the Web server uid (including the source code to
    dynamic Web applications).

    This vulnerability has been confirmed. Patch information:
    http://www01.screamingmedia.com/en/security/sms1001.php

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html

    *** {01.25.018} Cross - fetchmail large header buffer overflow

    Fetchmail has been found to contain a buffer overflow in the handling
    of large incoming headers. This vulnerability allows a malicious e-mail
    to execute arbitrary code.

    This vulnerability has been confirmed, and many Linux vendors have
    released updates.

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2001-q2/0055.html

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0178.html

    Updated Conectiva RPMs:
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0013.html

    Source: Immunix, Debian, Conectiva (SF Bugtraq)
    http://archives.neohapsis.com/archives/vendor/2001-q2/0055.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0178.html
    http://archives.neohapsis.com/archives/linux/conectiva/2001-q2/0013.html

    *** {01.25.027} Cross - Update {01.24.021}: Scotty ntping host name
                    buffer overflow

    The vendor has confirmed the vulnerability discussed in {01.24.021}
    ("Scotty ntping hostname buffer overflow") and released version 2.1.11.

    Source: SecurityFocus Vuln-Dev
    http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html

    *** {01.25.028} Cross - GazTek HTTP server buffer overflow

    An advisory was released recently indicating a nonspecific buffer
    overflow in GazTek HTTP server version 1.4. This would allow a remote
    attacker to execute arbitrary code under the Web server's privileges.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0225.html

    *** {01.25.030} Cross - DCScripts.com DCShop sensitive data retrieval

    A report has surfaced indicating that particular misconfigurations of
    Web servers running DCScripts.com DCShop may allow a remote attacker to
    access private information, including authentication details and recent
    store orders.

    The vendor has confirmed this particular problem and recommends that
    the server be configured to not allow downloads of the particular
    sensitive files. More information on the particular configuration
    changes is available at:
    http://www.dcscripts.com/dcforum/dcshop/44.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0239.html

    *** {01.25.032} Cross - Uburst.com udirectory CGI command execution via
                    category_file parameter

    Uburst.com's udirectory CGI contains a vulnerability in the handling of
    the category_file parameter that could allow a remote attacker to
    execute arbitrary command line commands under the privileges of the Web
    server.

    This vulnerability has not been confirmed. An exploit has been
    published.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0229.html

    *** {01.25.033} Cross - pmpost PCP_LOG_DIR env variable symlink attack

    The pmpost application, found in some Linux distributions as well as in
    IRIX, has been found to follow symlinks when writing to a particular
    file contained in the directory indicated by the PCP_LOG_DIR environment
    variable. This allows a local attacker to gain root privileges.

    The vendor has not officially confirmed this vulnerability, although
    third parties have indicated confirmation. An exploit has been
    published.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0230.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
    http://archives.neohapsis.com/archives/bugtraq/2001-06/0246.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7Mk3++LUG5KFpTkYRArgHAJ9RemcOFLwdTZLBr6HEorqPnaFnQQCdEaNL
    IZiYJe1oX6q/ggX+4LTiLDg=
    =0nDi
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed to
    you and you would like to begin receiving our security e-mail newsletter
    on a weekly basis, we invite you to subscribe today.
    http://www.sans.org/sansnews/.

    We are signing the Consensus newsletter with PGP. The new SANS PGP key
    is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46 and
    can be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information, we will
    no longer include personal URLs in our Consensus newsletter mailings.
    Instead, we have created a new form (http://www.sans.org/sansurl). On
    this form you can enter the SD number located near your name at the top
    of the newsletter. When you submit this form, an e-mail containing a
    URL will be sent to you at the e-mail address on record. With this URL
    you can make changes to your account (edit the content of your Consensus
    mailing, for example) without endangering the security of your personal
    URL. If you'd like to change your e-mail address or other information,
    or unsubscribe to this newsletter, please visit your new URL as
    described above. If you have any problems or questions, e-mail us at
    <consensusnwc.com>.

    Missed an issue? You can find all back issues of Security Alert
    Consensus (and Security Express) online. http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensusnwc.com>.

    Copyright (c) 2001 Network Computing, a CMP Media LLC publication. All
    Rights Reserved. Distributed by Network Computing
    (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (infoneohapsis.com | http://www.neohapsis.com/).