From: Network Computing and The SANS Institute (sans+ZZ87261369445585738@sans.org)
Date: Thu Jul 26 2001 - 17:33:16 CDT

    To: Security Express (SD397643)
    Re: Your personalized newsletter

                          -- Security Alert Consensus --
                                 Number 107 (01.30)
                              Thursday, July 26, 2001
                                 Created for you by
                       Network Computing and the SANS Institute
                                Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to SANS' distribution of the Security Alert Consensus.

    ----------------------------------------------------------------------

    *** Sponsored by VeriSign - The Internet Trust Company ***
     
    Pinpoint the right security solution for your company - FREE Guide from
    industry leader VeriSign gives you all the facts. Learn how to:
    * Add the most powerful online encryption - 128-bit
    * Quickly authenticate your site
     
    Get your FREE Guide now at:
    http://www.verisign.com/cgi-bin/go.cgi?a=n061142320014000

    ----------------------------------------------------------------------

    Last week was definitely a busy one. The most notable
    news was the Code Red worm that ran around exploiting the
    Microsoft IIS indexing service buffer overflow. Not only
    Windows NT shops were affected; Cisco released an advisory
    indicating that IIS was bundled with many of its products.
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0446.html

    Many reports also surfaced indicating that the worm was crashing
    various HP JetDirect-enabled printers and that DSL/cable modem
    devices (essentially any network device with a sub-optimal HTTP
    management interface) seemed to be taken down in the process. The
    "two birds with one worm" thread on Bugtraq mentions many of the
    network-device problems. You can view messages from the thread at:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/

    Those of you Unix folk on the list need not feel left out. While the
    Windows NT shops are scrambling to patch the buffer overflow being
    exploited by Code Red, you should be busy patching the buffer overflow
    found in your telnet daemon -- if you still use it. Kudos to you if
    you've moved exclusively to SSH. The details of the vulnerability
    are covered in this issue under the Cross-Platform item {01.30.021}.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {01.30.017} Win - Cgiwrap URL request CSS vulnerability
    {01.30.002} Linux - Update {01.29.015}: OpenSSL PRNG predictability
    {01.30.010} Linux - HTTProtect symlink bypasses protection
    {01.30.020} Linux - MasqMail piped alias privilege elevation
    {01.30.031} Linux - Update {01.28.021}: xloadimage/faces reader buffer
                overflow
    {01.30.006} BSD - Update {01.23.008}: OpenSSH 'cookie' file deletion
    {01.30.015} BSD - NetBSD sendmsg() causes kernel panic
    {01.30.016} BSD - NetBSD sugid/execve() and ptrace() race condition
    {01.30.030} Sol - dtmail MAIL env variable overflow
    {01.30.004} HPUX - Update {01.15.011}: Multivendor FTP glob
                functionality buffer overflow
    {01.30.005} HPUX - VVOS mkacct allows unauthorized privileged access
    {01.30.008} Other - Tru64 inetd DoS due to failed services
    {01.30.001} Cross - tcpdump AFS parsing overflow (2)
    {01.30.003} Cross - Squid httpd accelerator unauthorized Web proxy
    {01.30.007} Cross - FW-1/Secure Remote network topology exposure
    {01.30.009} Cross - phplib libdir remote code injection
    {01.30.011} Cross - IBM AlphaWorks TFTP directory traversal attack
    {01.30.012} Cross - WebSEAL proxy director /../ bypass/attack
    {01.30.013} Cross - IMP malicious JavaScript vulnerability
    {01.30.014} Cross - IMP local prefs.lang script execution
    {01.30.018} Cross - SSH locked account password authentication bypass
    {01.30.019} Cross - DNHTTPD encoded /../ request arbitrary file access
    {01.30.021} Cross - Multivendor telnetd option handling overflow
    {01.30.022} Cross - Procmail unsafe signal handling
    {01.30.023} Cross - Update {01.29.014}: uncgi CGI wrapper arbitrary
                script execution
    {01.30.024} Cross - NetWin Auth weak password hashing and buffer
                overflows
    {01.30.025} Cross - phpMyChat malformed nick vulnerabilities
    {01.30.026} Cross - SILC private message may not be encrypted properly
    {01.30.027} Cross - Various miscellaneous open-source application
                vulnerabilities
    {01.30.028} Cross - Lucent RADIUS server syslog()/log_msg() format
                string attack
    {01.30.029} Cross - pileup various scanf() overflows
    {01.30.032} Cross - Proxomitron URL request CSS vulnerability
    {01.30.033} Cross - Arkeia database files world-writable

    --- Windows News -------------------------------------------------------

    *** {01.30.017} Win - Cgiwrap URL request CSS vulnerability

    Cgiwrap versions prior to 3.7 have been found vulnerable to a
    cross-site scripting attack. This could allow a malicious Web site
    or e-mail to execute JavaScript in an unsuspecting user's browser.

    The vendor has confirmed this vulnerability and
    released version 3.7, which is available at:
    http://prdownloads.sourceforge.net/cgiwrap/cgiwrap-3.7.tar.gz

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html

    --- Linux News ---------------------------------------------------------

    *** {01.30.002} Linux - Update {01.29.015}: OpenSSL PRNG predictability

    RedHat and Mandrake have released OpenSSL packages to fix the
    vulnerability discussed in {01.29.015} ("OpenSSL PRNG predictability").

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0350.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0354.html

    Source: RedHat, Mandrake (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0350.html
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0354.html

    *** {01.30.010} Linux - HTTProtect symlink bypasses protection

    HTTProtect version 1.1.1 has been found to contain a vulnerability that
    would allow local attackers to bypass file modification restrictions
    and still modify a file simply by referencing the file via symbolic
    links.

    The advisory indicates vendor confirmation; a patch is available at:
    http://www.omnisecure.com/products/http/Linux/1.1.1/index.htm

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html

    *** {01.30.020} Linux - MasqMail piped alias privilege elevation

    Versions of MasqMail older than 0.1.15 do not correctly handle piped
    aliases. This could allow local attackers to elevate their privileges.

    The vulnerability has been confirmed; it was fixed in version 0.1.15.

    Source: Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0013.html

    *** {01.30.031} Linux - Update {01.28.021}: xloadimage/faces reader
                    buffer overflow

    SuSE has released updated xli/xloadimage packages to fix the
    vulnerability discussed in {01.28.021} ("xloadimage/faces reader
    buffer overflow").

    Updated RPMs are listed at:
    http://archives.neohapsis.com/archives/linux/suse/2001-q3/0243.html

    Source: SuSE
    http://archives.neohapsis.com/archives/linux/suse/2001-q3/0243.html

    --- BSD News -----------------------------------------------------------

    *** {01.30.006} BSD - Update {01.23.008}: OpenSSH 'cookie' file deletion

    NetBSD has released updated openSSH packages to fix the vulnerability
    discussed in {01.23.008} ("OpenSSH 'cookie' file deletion").

    The NetBSD 1.5 and -current package source as of June 25, 2001,
    contain the fixed versions.

    Source: NetBSD
    http://archives.neohapsis.com/archives/netbsd/2001-q3/0098.html

    *** {01.30.015} BSD - NetBSD sendmsg() causes kernel panic

    NetBSD has released an advisory detailing a bug in the sendmsg()
    function. It's possible for a local attacker to pass a large value
    in the msg_controllen parameter of sendmsg(). This will cause the
    kernel to panic and create a denial of service situation. NetBSD 1.3
    through 1.5 and -current are vulnerable.

    This vulnerability has been confirmed. NetBSD 1.4,
    1.5 and -current as of July 19, 2001, contain the
    updated fix. Various available patches are listed at:
    http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html

    Source: NetBSD
    http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html

    *** {01.30.016} BSD - NetBSD sugid/execve() and ptrace() race condition

    An advisory released by NetBSD indicates a race condition in the
    execve() function. This could allow a local attacker to ptrace() a
    setuid/setgid application and potentially execute arbitrary code with
    the elevated privileges. NetBSD 1.4, 1.5 and -current are vulnerable.

    NetBSD has confirmed this vulnerability. It updated 1.5 and -current
    on June 17, 2001, and 1.4 on July 19, 2001. Individual patches are
    listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0533.html

    Source: NetBSD
    http://archives.neohapsis.com/archives/netbsd/2001-q3/0097.html

    --- Solaris News -------------------------------------------------------

    *** {01.30.030} Sol - dtmail MAIL env variable overflow

    A recently released advisory indicates a buffer overflow in dtmail's
    handling of the MAIL environment variable. This could allow a local
    attacker to execute arbitrary code under group 'mail' privileges.

    Solaris 2.6 and 7 are reported vulnerable. However, this vulnerability
    has not yet been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0539.html

    --- HP-UX News ---------------------------------------------------------

    *** {01.30.004} HPUX - Update {01.15.011}: Multivendor FTP glob
                    functionality buffer overflow

    HP has released updated patches to fix the vulnerability discussed
    in {01.15.011} ("Multivendor FTP glob functionality buffer overflow").

    HP patches listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0392.html

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q3/0015.html

    *** {01.30.005} HPUX - VVOS mkacct allows unauthorized privileged access

    HP has released patches to fix a vulnerability in the program mkacct
    that may allow unauthorized privileged access. This vulnerability
    only affects HP-UX 11.04 VVOS.

    HP patches listed at:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0392.html

    Source: HP
    http://archives.neohapsis.com/archives/hp/2001-q3/0015.html

    --- Other News ---------------------------------------------------------

    *** {01.30.008} Other - Tru64 inetd DoS due to failed services

    Compaq has released an advisory indicating that the inetd service
    shipped with Tru64 version 5.1 may stop accepting incoming connections
    if one of the handled services crashes upon startup. This could result
    in a denial of service situation.

    Compaq has confirmed the problem and made a patch available. Contact
    your normal Compaq Services support channel and request the patch
    using the reference SSRT0708U.

    Source: Compaq
    http://archives.neohapsis.com/archives/compaq/2001-q3/0012.html

    --- Cross-Platform News ------------------------------------------------

    *** {01.30.001} Cross - tcpdump AFS parsing overflow (2)

    Another buffer overflow was found in tcpdump's parsing of AFS RPC
    packets. This could allow a remote attacker to execute arbitrary code
    on a system that is running tcpdump.

    FreeBSD has confirmed this vulnerability. FreeBSD version 3.x, 4.4
    and 4.3-STABLE after July 17, 2001, are not affected. Other platforms
    are vulnerable as well.

    Source: FreeBSD
    http://archives.neohapsis.com/archives/freebsd/2001-07/0340.html

    *** {01.30.003} Cross - Squid httpd accelerator unauthorized Web proxy

    Squid prior to 2.3STABLE5 has been found to contain a
    vulnerability in the http accelerator feature. When configured
    with 'http_accel_with_proxy_off', any request to squid will bypass
    ACLs. This vulnerability may allow squid to be used as a port scanner
    or otherwise proxy unauthorized requests.

    This vulnerability has been confirmed, and version 2.3STABLE5 has
    been released.

    Squid updates/downloads:
    http://www.squid-cache.org/

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0401.html

    Updated Immunix RPMs:
    http://archives.neohapsis.com/archives/linux/immunix/2001-q3/0025.html

    Updated Trustix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html

    Source: RedHat, Immunix, Trustix (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0401.html
    http://archives.neohapsis.com/archives/linux/immunix/2001-q3/0025.html
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html

    *** {01.30.007} Cross - FW-1/Secure Remote network topology exposure

    This is more of a heads-up than a vulnerability: Certain configurations
    of Secure Remote for Firewall-1, when used with FWZ encryption,
    will gladly send network topology data to unauthenticated remote
    users. The proper fix is to make sure network topology is sent only
    to authenticated users or to predistribute an appropriate userc.c
    file. Newer versions (4.1SP1) will not send this data by default.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0320.html

    *** {01.30.009} Cross - phplib libdir remote code injection

    Versions of phplib prior to 7.2d do not properly check incoming user
    data, thereby allowing an attacker to redefine an internal library
    variable ($_PHPLIB[libdir]) and cause the library to fetch a script
    from a remote server and execute it. Technically, any application
    built on top of a vulnerable phplib version is exploitable.

    This vulnerability has been confirmed. Version
    7.2d contains a fix and can be downloaded from:
    http://sourceforge.net/project/showfiles.php?group_id=31885&release_id=44737

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0504.html

    *** {01.30.011} Cross - IBM AlphaWorks TFTP directory traversal attack

    The IBM AlphaWorks TFTP Server for Java has been reported vulnerable to
    a reverse directory traversal ('..') attack. This could allow remote
    attackers to retrieve arbitrary files on the system readable by the
    TFTP service.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0455.html

    *** {01.30.012} Cross - WebSEAL proxy director /../ bypass/attack

    The Tivoli SecureWay Policy Director version 3.x ships with the
    WebSEAL proxy service. This service has been found vulnerable
    to reverse directory traversal ('..') attacks, which would allow
    a remote attacker to access Web files otherwise restricted by the
    policy director. All platforms for this product are vulnerable.

    Tivoli has confirmed this vulnerability and released updated patches.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html

    *** {01.30.013} Cross - IMP malicious JavaScript vulnerability

    IMP versions prior to 2.2.6 are vulnerable to an attacker embedding
    various malicious JavaScript in HTML elements within an e-mail,
    which would be executed in users' browsers when they view the e-mail.

    This vulnerability has been confirmed; a fix was included in version
    2.2.6.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0491.html

    *** {01.30.014} Cross - IMP local prefs.lang script execution

    A vulnerability was found in IMP versions prior to 2.2.6 that allows
    a local attacker, or anyone capable of writing a file to the target
    server, to create a trojaned prefs.lang file and then trick IMP into
    executing any PHP script commands contained within it. This attack
    could be used to expose IMP configuration information, including
    database authentication credentials.

    This vulnerability has been confirmed. Version 2.2.6 has been released.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0491.html

    *** {01.30.018} Cross - SSH locked account password authentication
                    bypass

    SSH Secure Shell version 3.0.0 does not properly handle small (two
    characters or less) password fields, which are commonly used on various
    Unix systems to indicate 'locked out' accounts. This results in the
    ability of a local attacker to log into the system under the account
    without having to supply a password.
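As an added illustration (not SSH Secure Shell's code), this C fragment shows the decision a password-authentication routine should make about the stored password field: a field that cannot be a real hash is treated as locked, never as "no password set". The marker strings and the 13-character floor are conventional crypt(3) values; the hash used below is a constructed sample, and hashing the supplied password with the stored salt is assumed to be done by the caller.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not vendor code. Classify the password field read from
 * passwd/shadow. Anything that is not a plausible hash is LOCKED: the
 * daemon must then refuse password authentication outright instead of
 * treating the short field as an empty password. */
typedef enum { PW_LOCKED = 0, PW_HASH = 1 } pw_kind;

pw_kind classify_pw_field(const char *field) {
    if (field == NULL || field[0] == '\0')
        return PW_LOCKED;                 /* empty field: refuse rather than allow */
    if (field[0] == '*' || field[0] == '!')
        return PW_LOCKED;                 /* "*", "!!", "*LK*", "*NP*" and friends */
    if (strcmp(field, "NP") == 0 || strcmp(field, "x") == 0)
        return PW_LOCKED;                 /* "NP" = no password; "x" = look in shadow, not a hash */
    if (strlen(field) < 13)
        return PW_LOCKED;                 /* shorter than any traditional crypt(3) hash */
    return PW_HASH;
}

/* Constant-time string comparison so a mismatch does not leak its position. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* 'computed' is the hash of the supplied password made with the same salt
 * and scheme as 'stored' (crypt(3) in a real daemon; assumed done by the
 * caller here). Returns 1 only for a usable hash that matches. */
int password_auth_ok(const char *stored, const char *computed) {
    if (classify_pw_field(stored) != PW_HASH)
        return 0;                         /* locked or malformed field: never a match */
    return ct_equal(stored, computed);
}

int main(void) {
    /* "abJnggxhB/yWI" is a constructed 13-character sample, not a real hash */
    const char *fields[] = { "*", "!!", "*LK*", "NP", "", "abJnggxhB/yWI" };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        printf("%-14s -> %s\n", fields[i],
               classify_pw_field(fields[i]) == PW_HASH ? "hash" : "locked");
    return 0;
}
```

The point of the floor check is that the classification errs toward locking: a field the routine does not recognise must fail authentication, not pass it.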

    The vendor has confirmed this vulnerability and released version 3.0.1.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html

    *** {01.30.019} Cross - DNHTTPD encoded /../ request arbitrary file
                    access

    DNHTTPD server versions prior to 0.4.1 contain a bug in the handling
    of encoded URL requests that include reverse directory traversal
    ('..') notation. This allows remote attackers to access arbitrary
    files outside the Web root that are readable by the DNHTTPD service.
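The following C routine is an added example, not DNHTTPD's code or anything from the advisory. It decodes the percent-escapes first and only then normalises the path, refusing any ".." that would climb above the Web root; the naive strstr() check at the end is the kind of test an encoded request slips past. Function names and the 1024-byte scratch buffer are my own choices.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example, not server code. Decode %XX escapes. Rejects truncated or
 * non-hex escapes and an encoded NUL (which would silently cut the C string). */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

int url_decode(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i]; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int h = hexval((unsigned char)in[i + 1]);
            int l = h < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (h < 0 || l < 0) return 0;     /* "%2" or "%zz": malformed */
            c = h * 16 + l;
            if (c == 0) return 0;             /* "%00" must never reach the filesystem */
            i += 2;
        }
        if (o + 1 >= outlen) return 0;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 1;
}

/* Lexically normalise an absolute path: drop "." and empty segments, resolve
 * "..", and refuse any ".." that would pop past the root. */
int normalize_path(const char *path, char *out, size_t outlen) {
    const char *segs[64];
    size_t lens[64];
    int n = 0;
    if (path[0] != '/') return 0;
    for (const char *p = path; *p; ) {
        while (*p == '/') p++;
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);
        if (len == 1 && start[0] == '.') continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (n == 0) return 0;             /* would escape the Web root */
            n--;
            continue;
        }
        if (n == 64) return 0;
        segs[n] = start; lens[n] = len; n++;
    }
    if (n == 0) {
        if (outlen < 2) return 0;
        out[0] = '/'; out[1] = '\0';
        return 1;
    }
    size_t o = 0;
    for (int i = 0; i < n; i++) {
        if (o + 1 + lens[i] + 1 > outlen) return 0;
        out[o++] = '/';
        memcpy(out + o, segs[i], lens[i]);
        o += lens[i];
    }
    out[o] = '\0';
    return 1;
}

/* Decode, then normalise: the order matters. */
int safe_request_path(const char *request, char *out, size_t outlen) {
    char decoded[1024];
    if (!url_decode(request, decoded, sizeof decoded)) return 0;
    return normalize_path(decoded, out, outlen);
}

/* The check the item warns about: looking for ".." in the raw request
 * reports "clean" for "%2e%2e". */
int naive_has_traversal(const char *request) {
    return strstr(request, "..") != NULL;
}

int main(void) {
    char out[256];
    const char *reqs[] = { "/index.html", "/a/b/../c/./d", "/%2e%2e/%2e%2e/etc/passwd" };
    for (int i = 0; i < 3; i++)
        printf("%-28s -> %s\n", reqs[i],
               safe_request_path(reqs[i], out, sizeof out) ? out : "REJECTED");
    return 0;
}
```

The same decode-then-normalise order applies to the TFTP and WebSEAL traversal items in this issue: once a server accepts encoded paths, scanning the raw request string for ".." is not a sufficient check.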

    The vendor has confirmed this vulnerability and released version 0.4.1.

    Source: Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

    *** {01.30.021} Cross - Multivendor telnetd option handling overflow

    An advisory has been released indicating that a remote attacker could
    use a buffer overflow in the handling of telnet connection options to
    execute arbitrary code with root privileges. The advisory indicates
    various BSDs, Linux, IRIX and Solaris as vulnerable; other platforms
    also may be vulnerable.

    This vulnerability has been confirmed on some platforms.

    FreeBSD has released a patch:
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch

    Caldera OpenLinux 2.3 may be vulnerable; patches are listed at:
    http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0005.html

    Source: Caldera, SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0351.html
    http://archives.neohapsis.com/archives/netbsd/2001-q3/0092.html
    http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0005.html

    *** {01.30.022} Cross - Procmail unsafe signal handling

    Procmail has been found to handle signals insecurely. This could
    result in possible privilege escalation by a local attacker.

    RedHat has confirmed this vulnerability and released updated packages.

    Updated RedHat RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0394.html

    Source: RedHat (SF Bugtraq)
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0394.html

    *** {01.30.023} Cross - Update {01.29.014}: uncgi CGI wrapper arbitrary
                    script execution

    The vendor has released an updated uncgi package to fix the
    vulnerability discussed in {01.29.014} ("uncgi CGI wrapper arbitrary
    script execution").

    The latest version can be downloaded from:
    http://www.midwinter.com/~koreth/uncgi.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html

    *** {01.30.024} Cross - NetWin Auth weak password hashing and buffer
                    overflows

    The NetWin Authentication Module version 3.0b, which is used in
    various products (SurgeFTP and DMail), has flaws in the hashing
    algorithm used to store passwords. This flaw allows passwords to be
    decrypted easily and multiple passwords to be accepted for any one
    actual password. Buffer overflows are also reported in the handling
    of various operations; these could potentially be triggered remotely.

    This vulnerability has not been confirmed. Exploit code is available.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0452.html

    *** {01.30.025} Cross - phpMyChat malformed nick vulnerabilities

    phpMyChat versions prior to 0.14.5 contain two vulnerabilities related
    to malformed user nicknames. These bugs could leave the accounts
    unmanageable by administrative utilities. Another bug causes registered
    users to lose rights in various situations when they join a chat.

    The vendor has confirmed this vulnerability and released version
    0.14.5.

    Source: Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0001.html

    *** {01.30.026} Cross - SILC private message may not be encrypted
                    properly

    SILC versions prior to 0.4 may not properly encrypt a private message
    with the intended recipient's private key, resulting in a nonencrypted
    message.

    The vendor has confirmed this vulnerability and released version 0.4.

    Source: Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0003.html

    *** {01.30.027} Cross - Various miscellaneous open-source application
                    vulnerabilities

    We don't normally do a massive grouping like this. In this case,
    however, we feel that it's worth alerting you, particularly because
    some of the programs are popular and used frequently. Many open-source
    programs were recently reported vulnerable, due to entries found in
    their change logs. Unfortunately, in many instances the exact nature
    of the vulnerability was not specified, so we are just going to list
    the applications here with the available information. The vendor has
    confirmed all of these problems, which have been fixed by updated
    versions.

    SANE scanner software versions prior to 1.0.5 indicate a
    vulnerability. This is likely limited to a local attack only.

    TWIG PHP imap client versions prior to 2.7.2 (and especially 2.7.0)
    contain various multiple security fixes.

    FileManager, a Perl CGI, has security problems in versions prior
    to 0.95.

    nPulse nmap utility prior to version 0.53p4 contains a security
    vulnerability in the included Web server.

    phpWebSite versions prior to 0.7.9 have a minor security problem when
    a site runs multiple copies of phpWebSite under the same domain.

    AutoDNS encrypted DNS request change manager has security problems
    related to the handling of domain names in versions prior to 0.0.4.

    Versions of the IntraGnat project management tool prior to 1.4 have
    an undisclosed security problem.

    The netscript TCP scripting engine prior to version 1.6.3 has security
    issues in the parsing of returned data, which hints at a remote server
    potentially executing arbitrary code as the user running netscript.

    Source: VulnWatch, Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0010.html
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0012.html
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0004.html
    http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html

    *** {01.30.028} Cross - Lucent RADIUS server syslog()/log_msg() format
                    string attack

    Versions of the Lucent/Livingston RADIUS daemon prior to 2.1.va.1
    contain various format string attacks in the handling of syslog()
    and log_msg() parameters. These could potentially allow a remote
    attacker to execute arbitrary code on the system.
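Added example, not the Lucent/Livingston RADIUS code: the format-string pattern behind this item and its fix. The vulnerable shape is shown only in a comment; the fixed wrapper renders into a buffer rather than calling syslog() so the result can be inspected, and count_conversions() is a small review aid for spotting directives in data that reaches a format parameter. All names are my own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not vendor code.
 *
 * Vulnerable shape (do NOT use): the attacker-controlled string is itself
 * the format argument, so "%x" or "%n" inside a RADIUS attribute is
 * interpreted by the formatter:
 *
 *     void log_msg(const char *msg) { syslog(LOG_INFO, msg); }
 */

/* Fixed: a fixed, literal format with the data passed as an argument.
 * Rendered into 'out' instead of syslog so the result can be checked. */
int log_msg_render(char *out, size_t outlen, const char *user_data) {
    return snprintf(out, outlen, "radius: %s", user_data);
}

/* Variadic wrapper in the style of a log_msg(fmt, ...) helper. The rule it
 * enforces by convention: 'fmt' is always a literal at the call site, and
 * user data only ever travels through the varargs. */
int log_msg_v(char *out, size_t outlen, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Review aid: count conversion specifications in a string. "%%" is a
 * literal percent sign, not a conversion. A non-zero count for a value
 * that is about to be used as a format is a finding. */
int count_conversions(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        if (p[1] == '\0') break;
        n++;
    }
    return n;
}

int main(void) {
    char buf[128];
    log_msg_render(buf, sizeof buf, "user %x%x%n");   /* constructed hostile input */
    printf("%s  (conversions in input: %d)\n", buf, count_conversions("user %x%x%n"));
    return 0;
}
```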

    The vendor has confirmed this vulnerability, and version 2.1.va.1
    fixes it.

    Source: Freshmeat
    http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html

    *** {01.30.029} Cross - pileup various scanf() overflows

    Version 1.2 of pileup has been released. It fixes various buffer
    overflows caused by the use of the scanf() function.
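Added example (not pileup's code) of the scanf() fix this item refers to: an unbounded "%s" writes whatever length the input has, while a width built from the buffer size cannot. The "callsign speed" line format is an invented sample for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not project code.
 *
 * Unsafe shape:   char buf[16]; sscanf(line, "%s", buf);
 * The conversion has no bound, so a longer token overruns buf.
 */

/* Read one whitespace-delimited token from 'line' into 'out' (size outlen).
 * Builds "%<N>s" at run time so the width can never drift from the buffer
 * size. Returns 1 on success, 0 if nothing was read. */
int read_token(const char *line, char *out, size_t outlen) {
    char fmt[32];
    if (outlen < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", outlen - 1);   /* e.g. "%15s" for a 16-byte buffer */
    return sscanf(line, fmt, out) == 1;
}

/* Parse a "<callsign> <wpm>" line: bounded string, then a checked integer.
 * An over-long callsign is truncated to the width; the leftover characters
 * then make the %d conversion fail, so the entry is rejected rather than
 * silently accepted with a corrupted buffer. */
int parse_entry(const char *line, char *call, size_t calllen, int *wpm) {
    char fmt[48];
    if (calllen < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus %%d", calllen - 1);
    return sscanf(line, fmt, call, wpm) == 2;
}

int main(void) {
    char call[8];
    int wpm = 0;
    const char *lines[] = { "W1AW 25", "VERYLONGCALL 30" };   /* constructed samples */
    for (int i = 0; i < 2; i++)
        printf("%-16s -> %s\n", lines[i],
               parse_entry(lines[i], call, sizeof call, &wpm) ? "ok" : "rejected");
    return 0;
}
```

Always check the value sscanf() returns: a short count is the only signal that a bounded conversion stopped early.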

    The vendor has confirmed this vulnerability.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0512.html

    *** {01.30.032} Cross - Proxomitron URL request CSS vulnerability

    Proxomitron proxy version Naoko-4 beta4 is vulnerable to cross-site
    scripting in the handling of URL requests. This allows a malicious Web
    site or e-mail to execute arbitrary JavaScript code in an unsuspecting
    user's Web browser.
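Added example, not Cgiwrap's or Proxomitron's code, covering the cross-site scripting pattern in this item and in {01.30.017}: a requested URL or script name that is reflected into an error page must be HTML-escaped before it is written back. Function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not project code. Escape every byte that can open a tag
 * or break out of an attribute. Returns 0 if 'out' is too small, so a
 * caller can never emit a partially escaped string. */
int html_escape(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;
        switch (*p) {
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '&':  rep = "&amp;";  break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (o + rl + 1 > outlen) return 0;
        memcpy(out + o, rep, rl);
        o += rl;
    }
    out[o] = '\0';
    return 1;
}

/* Build the reflected "not found" page body. The unsafe version would be
 * snprintf(out, outlen, "<p>Script not found: %s</p>", requested) with the
 * raw request, which is exactly the hole the two items describe. */
int not_found_page(const char *requested, char *out, size_t outlen) {
    char esc[512];
    if (!html_escape(requested, esc, sizeof esc)) return 0;
    int n = snprintf(out, outlen, "<p>Script not found: %s</p>", esc);
    return n >= 0 && (size_t)n < outlen;
}

int main(void) {
    char page[512];
    /* constructed sample of a hostile script name */
    if (not_found_page("x\"><img src=x onerror=alert(1)>", page, sizeof page))
        puts(page);
    return 0;
}
```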

    The vendor has confirmed this vulnerability and released version
    Naoko-4 beta5.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0531.html

    *** {01.30.033} Cross - Arkeia database files world-writable

    Arkeia backup software version 4.2.8-2 (and probably prior) has been
    found to set insecure file permissions on various database/configuration
    files. This could allow a local attacker to overwrite these files.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2001-07/0521.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7YJZq+LUG5KFpTkYRAgN1AJwMzD5J63C8cKjYzyuoHaufqg4+3QCeLaip
    YI5YeP5PENlcJhMYJHTxrbs=
    =t+z2
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------

    Become a Security Alert Consensus member! If this e-mail was passed to
    you and you would like to begin receiving our security e-mail newsletter
    on a weekly basis, we invite you to subscribe today. Send an email to
    sans@sans.org with the subject "Subscribe SAC"

    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46
    and can be accessed from the SANS Web site (http://www.sans.org).

    Special Note: To better secure your confidential information,
    we will no longer include personal URLs in our Consensus
    newsletter mailings. Instead, we have created a new form
    (http://www.sans.org/sansurl). On this form you can enter the SD
    number located near your name at the top of the newsletter. When you
    submit this form, an e-mail containing a URL will be sent to you at
    the e-mail address on record. With this URL you can make changes to
    your account (edit the content of your Consensus mailing, for example)
    without endangering the security of your personal URL. If you'd like
    to change your e-mail address or other information, or unsubscribe
    to this newsletter, please visit your new URL as described above. If
    you have any problems or questions, e-mail us at <consensus@nwc.com>.

    Missed an issue? You can find all back issues of
    Security Alert Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensus@nwc.com>.

    Copyright (c) 2001 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (info@neohapsis.com | http://www.neohapsis.com/).