From: Network Computing and The SANS Institute (sans+ZZ80936797929514379_at_sans.org)
Date: Thu Aug 01 2002 - 16:05:54 CDT



    Re: Your personalized newsletter

                       -- Security Alert Consensus --
                            Number 030 (02.30)
                         Thursday, August 1, 2002
                            Created for you by
                  Network Computing and the SANS Institute
                           Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to the latest edition of Security Alert Consensus! Below
    you should find information pertaining only to the categories you
    requested. Information on how to manage your subscription can be found
    at the bottom of the newsletter. If you have any problems or questions,
    please e-mail us at <consensusnwc.com>.

    ----------------------------------------------------------------------

    This issue sponsored by SPI Dynamics

    Aberdeen Alert! Using ports 80 and 443 as expressways through network
    firewalls, hackers are free to probe and breach Web applications! How
    can you combat this problem? Get the latest recommendations from
    Aberdeen in this FREE Research Report!
    http://www.spidynamics.com/mktg/aberdeen9

    ----------------------------------------------------------------------

    The largest vulnerability this week is a collection of bugs in the
    OpenSSL library, affecting all applications that use OpenSSL SSL
    functions (like Apache mod_ssl, stunnel, various IMAP and SMTP SSL/TLS
    addons, etc.). These bugs are confirmed to be remotely exploitable.
    It is reported in this issue as item {02.30.001}, in the Cross-Platform
    category.

    There are also a few Microsoft SQL Server patches which fix various
    problems ({02.30.007} and {02.30.008}), as well as an Exchange 5.5
    buffer overflow ({02.30.006}). Speaking of mail servers, Groupwise
    6.0.1SP1 has a buffer overflow as well ({02.30.028}).

    Finally, the DMCA has been dragged into yet another forum. A recent
    CNET article sheds some disturbing light on how DMCA could be leveraged
    against vulnerability research, as HP recently issued a rather harsh
    warning to a research team: http://news.com.com/2100-1023-947325.html

    Until next week,
    - Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {02.30.004} Win - MS02-036: MS Metadirectory Services authentication
                bypass
    {02.30.006} Win - MS02-037: Exchange SMTP EHLO response overflow
    {02.30.007} Win - MS02-038: MS SQL 2000 utilities, multiple
                vulnerabilities
    {02.30.008} Win - MS02-039: MS SQL 2000 resolution service, multiple
                vulnerabilities
    {02.30.009} Win - Update {02.29.015}: SecureCRT server version string
                overflow
    {02.30.020} Win - VMWare GSX authentication service GLOBAL parameter
                overflow
    {02.30.021} Win - Update {02.16.026}: Stdin/stdout/stderr closed file
                descriptor vulnerability
    {02.30.025} Win - Pegasus mail client To/From field overflow DoS
    {02.30.029} Win - IPSwitch IMail GET request overflow
    {02.30.030} Win - JanaServer, multiple vulnerabilities
    {02.30.032} Win - Abyss Web server directory listing via slashes
    {02.30.002} Linux - libmm temporary file vulnerability
    {02.30.003} Linux - chfn /etc/ptmp lockfile vulnerability
    {02.30.005} Linux - Update {02.26.002}: DNS libresolve/resolver buffer
                overflow
    {02.30.028} NW - GroupWise SMTP RCPT overflow
    {02.30.010} NApps - SEH IC9 printer server Web username overflow
    {02.30.011} NApps - HP Procurve switch SNMP write DoS
    {02.30.012} NApps - D-Link DP-300 print server HTTP POST DoS
    {02.30.013} NApps - Lucent Brick Firewall ARP vulnerabilities
    {02.30.014} NApps - Lucent Access Point Router HTTP server large URL DoS
    {02.30.015} NApps - Lucent/Ascend UDP packet information disclosure
    {02.30.016} NApps - HP JetDirect exposes administrative password
    {02.30.017} NApps - Brother NC-3100h printer HTTP user name DoS
    {02.30.018} NApps - Cisco IOS TFTP server read overflow
    {02.30.022} NApps - ZyXEL router jolt DoS
    {02.30.023} NApps - Cobalt Qube 3 administrative CGI vulnerabilities
    {02.30.026} NApps - CacheFlow error page CSS vulnerability
    {02.30.019} Other - Tru64 su parameter overflow
    {02.30.001} Cross - OpenSSL multiple overflows and ASN1 parse
                vulnerabilities
    {02.30.024} Cross - Mailman ml-name CGI CSS vulnerability
    {02.30.027} Cross - ezContents CGI, multiple vulnerabilities
    {02.30.031} Cross - HylaFAX faxgetty TSI DoS

    - --- Windows News -------------------------------------------------------

    *** {02.30.004} Win - MS02-036: MS Metadirectory Services
                    authentication bypass

    Microsoft released MS02-036 ("MS Metadirectory Services authentication
    bypass"). A vulnerability in Microsoft Metadirectory Services version
    2.2 lets a remote client gain administrative access to the MMS data
    without supplying valid authentication credentials.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-036.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0026.html

    *** {02.30.006} Win - MS02-037: Exchange SMTP EHLO response overflow

    Microsoft released MS02-037 ("Exchange SMTP EHLO response overflow"). A
    remote attacker can submit a particularly long EHLO parameter that,
    when inserted into the EHLO response given by Exchange, will result in
    a buffer overflow capable of executing arbitrary code with Exchange
    service account privileges. Only Exchange version 5.5 is reported
    vulnerable.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-037.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0027.html

    *** {02.30.007} Win - MS02-038: MS SQL 2000 utilities, multiple
                    vulnerabilities

    Microsoft released MS02-038 ("MS SQL 2000 utilities, multiple
    vulnerabilities"). MS SQL Server 2000 and MSDE 2000 contain various
    vulnerabilities in the included database utilities that could allow
    local attackers to gain privileges equal to the SQL service account.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-038.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0029.html

    *** {02.30.008} Win - MS02-039: MS SQL 2000 resolution service,
                    multiple vulnerabilities

    Microsoft released MS02-039 ("MS SQL 2000 resolution service, multiple
    vulnerabilities"). The resolution service included with MS SQL Server
    2000 contains two remotely exploitable buffer overflows that allow an
    attacker to execute arbitrary code under the privileges of the SQL
    service account. A remote denial of service vulnerability exists,
    as well.

    FAQ and patch:
    http://www.microsoft.com/technet/security/bulletin/MS02-039.asp

    Source: Microsoft (NTBugtraq)
    http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0028.html

    *** {02.30.009} Win - Update {02.29.015}: SecureCRT server version
                    string overflow

    The vendor released SecureCRT versions 3.4.6 and 4.0beta3, which fix
    the vulnerability discussed in {02.29.015} ("SecureCRT server version
    string overflow").

    More information is available at:
    http://www.vandyke.com/products/securecrt/security07-25-02.html

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0323.html

    *** {02.30.020} Win - VMWare GSX authentication service GLOBAL
                    parameter overflow

    The VMWare GSX authentication service included with version 2.0.0 build
    2050 contains a buffer overflow in the handling of the GLOBAL command,
    which allows a remote attacker (with a valid user name and password)
    to potentially execute arbitrary code on the system. Only the Windows
    version is affected.

    The vendor confirmed this vulnerability and released an update on
    its site.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0260.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0320.html

    *** {02.30.021} Win - Update {02.16.026}: Stdin/stdout/stderr closed
                    file descriptor vulnerability

    FreeBSD committed updates that fix the vulnerability discussed
    in {02.16.026} ("Stdin/stdout/stderr closed file descriptor
    vulnerability"). The previous fixes were insufficient.

    FreeBSD branches as of July 30, 2002, contain the corrected code.

    Source: FreeBSD
    http://archives.neohapsis.com/archives/freebsd/2002-07/0503.html

    *** {02.30.025} Win - Pegasus mail client To/From field overflow DoS

    The Pegasus mail client version 4.01 crashes when an e-mail containing
    a long To or From field is received, resulting in a denial of service
    attack.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html

    *** {02.30.029} Win - IPSwitch IMail GET request overflow

    The HTTP server included with IPSwitch IMail version 7.1 reportedly
    contains a buffer overflow in the handling of large HTTP 1.0 requests,
    thereby allowing a remote attacker to execute arbitrary code.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html

    *** {02.30.030} Win - JanaServer, multiple vulnerabilities

    JanaServer versions 2.2.1 and prior contain multiple vulnerabilities,
    among which are remotely exploitable buffer overflows in the various
    services and a denial of service.

    The advisory indicates vendor confirmation.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html

    *** {02.30.032} Win - Abyss Web server directory listing via slashes

    The Abyss Web server version 1.0.3 gives a directory listing if a
    remote attacker makes a URL request that contains many slashes ('/').

    This vulnerability is confirmed by the vendor, which released version
    1.0.7 at:
    http://www.aprelium.com/news/abws107tp.html

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html

    - --- Linux News ---------------------------------------------------------

    *** {02.30.002} Linux - libmm temporary file vulnerability

    The mm library insecurely handles temporary files. It may be possible
    for an attacker to gain elevated privileges by exploiting the race
    condition. Both the Apache Web server and the PHP library use this
    library, and successful exploitation could lead to root privileges.

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2002-q3/0007.html

    Updated Caldera RPMs:
    http://archives.neohapsis.com/archives/linux/caldera/2002-q3/0007.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0373.html

    Updated OpenPKG RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0386.html

    Source: Debian, Caldera, Mandrake, OpenPKG (SF Bugtraq)
    http://archives.neohapsis.com/archives/vendor/2002-q3/0007.html
    http://archives.neohapsis.com/archives/linux/caldera/2002-q3/0007.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0386.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0373.html

    *** {02.30.003} Linux - chfn /etc/ptmp lockfile vulnerability

    The chfn utility shipped with various Linux distributions contains
    a race condition that could let a local attacker insert entries into
    /etc/passwd under very particular conditions.

    This vulnerability is confirmed. Many vendors have released updates.

    Updated Red Hat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0019.html

    Updated Trustix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html

    Source: VulnWatch, Red Hat, Trustix
    http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0041.html
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0019.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html

    *** {02.30.005} Linux - Update {02.26.002}: DNS libresolve/resolver
                    buffer overflow

    EnGarde and Red Hat released updated glibc packages, which fix the
    vulnerability discussed in {02.26.002} ("DNS libresolve/resolver
    buffer overflow").

    Updated EnGarde RPMs:
    http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html

    Updated Red Hat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0013.html

    Source: EnGarde, Red Hat
    http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0013.html

    - --- NetWare News -------------------------------------------------------

    *** {02.30.028} NW - GroupWise SMTP RCPT overflow

    GroupWise version 6.0.1SP1 contains a buffer overflow in the handling
    of large RCPT e-mail fields. This vulnerability causes the server to
    crash and potentially to execute arbitrary code.

    This vulnerability is confirmed and fixed in Support Pack 2 (the beta
    is currently available).

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html

    - --- Network Appliances News --------------------------------------------

    *** {02.30.010} NApps - SEH IC9 printer server Web username overflow

    The SEH IC9 print server running firmware 7.1.36f and prior reboots
    when a remote attacker sends an overly long user name to the built-in
    administration Web server.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html

    *** {02.30.011} NApps - HP Procurve switch SNMP write DoS

    The HP Procurve 4000 and 8000 switches reportedly crash when a remote
    attacker, who has the capability to perform SNMP writes to the switch,
    sets a particular SNMP value.

    The advisory indicates vendor confirmation.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0338.html

    *** {02.30.012} NApps - D-Link DP-300 print server HTTP POST DoS

    The D-Link DP-300 print server contains a denial of service
    vulnerability whereby a remote attacker sends a large HTTP POST request
    to the built-in HTTP administration server, causing the HTTP service
    to stop answering requests.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html

    *** {02.30.013} NApps - Lucent Brick Firewall ARP vulnerabilities

    An advisory surfaced indicating that various Lucent Brick Firewalls
    contain some oddities in handling various ARP tricks done by an
    attacker on a local segment (although it can be a segment outside the
    firewall). Vulnerabilities include firewall discovery and a denial
    of service attack against the management consoles.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0342.html

    *** {02.30.014} NApps - Lucent Access Point Router HTTP server large
                    URL DoS

    The Lucent Access Point Router contains a denial of service
    vulnerability in the handling of large URL requests by the internal
    administrative Web server. This DoS allows a remote attacker to reboot
    the router.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0343.html

    *** {02.30.015} NApps - Lucent/Ascend UDP packet information disclosure

    The UDP discard service on various Ascend (now Lucent) products
    replies to a particularly crafted UDP packet, disclosing various
    device information such as IP addresses, serial numbers, installed
    software features, etc.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0344.html

    *** {02.30.016} NApps - HP JetDirect exposes administrative password

    The administrative password of HP JetDirect print servers is readable
    by anyone who can make SNMP read requests to the device. This allows
    a remote attacker to reconfigure the device.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html

    *** {02.30.017} NApps - Brother NC-3100h printer HTTP user name DoS

    The Brother NC-3100h network printer contains a denial of service
    vulnerability in the built-in administrative HTTP server. A remote
    attacker can submit a large user name to the HTTP service and cause
    the printer to become unavailable.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0353.html

    *** {02.30.018} NApps - Cisco IOS TFTP server read overflow

    The TFTP server included within Cisco IOS versions 11.1, 11.2 and
    11.3 contains a buffer overflow in the handling of malformed TFTP
    read requests, thereby allowing a remote attacker to reboot the
    affected device.

    The official solutions are to provide TFTP file name aliases, to
    disable the TFTP server or to upgrade to a newer version of IOS.

    Source: Cisco
    http://archives.neohapsis.com/archives/cisco/2002-q3/0002.html

    *** {02.30.022} NApps - ZyXEL router jolt DoS

    The ZyXEL Prestige 642R router running ZyNOS v2.50 (FA.1) is vulnerable
    to a jolt denial of service attack, thereby letting a remote attacker
    trigger the device into not forwarding packets for a period of time.

    This vulnerability is not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html

    *** {02.30.023} NApps - Cobalt Qube 3 administrative CGI vulnerabilities

    The Cobalt Qube 3 reportedly contains multiple vulnerabilities in its
    administrative CGIs, thereby allowing a remote attacker to delete files
    as well as access user accounts without the proper password. A local
    vulnerability was also found. It lets an attacker gain administrative
    access.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html

    *** {02.30.026} NApps - CacheFlow error page CSS vulnerability

    CacheFlow devices running CacheOS prior to version 4.1.07 contain a
    cross-site scripting error in the 'unresolved host' HTML error page.

    This vulnerability is confirmed and fixed in version 4.1.07.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html

    - --- Other News ---------------------------------------------------------

    *** {02.30.019} Other - Tru64 su parameter overflow

    The su utility shipped with Tru64 version 5.1 reportedly contains a
    buffer overflow that allows a local attacker to gain root privileges.

    This vulnerability is not confirmed; however, HP is suing the author of
    the published vulnerability, which we take to be vendor confirmation.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0214.html

    - --- Cross-Platform News ------------------------------------------------

    *** {02.30.001} Cross - OpenSSL multiple overflows and ASN1 parse
                    vulnerabilities

    The OpenSSL library prior to version 0.9.6e contains multiple buffer
    overflows, potentially allowing any application that uses the SSL
    functions to be (remotely) exploited. This includes various Apache
    SSL add-ons as well as SSL-capable e-mail services (SMTP, IMAP,
    etc). There is also a problem in the ASN1 parser; the impact of this
    vulnerability was not stated.

    Updated tarballs are listed at:
    http://www.openssl.org/

    Updated Debian DEBs:
    http://archives.neohapsis.com/archives/vendor/2002-q3/0006.html

    Updated EnGarde RPMs:
    http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0003.html

    Updated OpenPKG RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0381.html

    Updated Trustix RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0382.html

    Updated Red Hat RPMs:
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0024.html

    Updated Mandrake RPMs:
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0409.html

    Updated SuSE RPMs:
    http://archives.neohapsis.com/archives/linux/suse/2002-q3/0477.html

    Source: CERT, Debian, EnGarde, Trustix, Red Hat, Mandrake,
    SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/cc/2002-q3/0003.html
    http://archives.neohapsis.com/archives/vendor/2002-q3/0006.html
    http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0003.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0382.html
    http://archives.neohapsis.com/archives/linux/redhat/2002-q3/0024.html
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0409.html
    http://archives.neohapsis.com/archives/linux/suse/2002-q3/0477.html

    *** {02.30.024} Cross - Mailman ml-name CGI CSS vulnerability

    Mailman prior to version 2.0.12 contains a cross-site scripting error
    in the handling of parameters passed to the admin/ml-name CGI.

    The vendor confirmed this vulnerability and released version 2.0.12.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html

    *** {02.30.027} Cross - ezContents CGI, multiple vulnerabilities

    The ezContents PHP CGI suite contains multiple vulnerabilities,
    including file uploading, directory manipulation, authentication
    bypass, SQL injection and cross-site scripting.

    These vulnerabilities are not confirmed.

    Source: VulnWatch
    http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html

    *** {02.30.031} Cross - HylaFAX faxgetty TSI DoS

    The HylaFAX faxgetty versions prior to 4.1.3 contain a vulnerability
    in the handling of the TSI data element, thereby allowing a malicious
    connection to crash the faxgetty service, which leads to a denial of
    service attack.

    This vulnerability is confirmed and fixed in version 4.1.3.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html

    ************************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (BSD/OS)
    Comment: For info see http://www.gnupg.org

    iD8DBQE9SaB++LUG5KFpTkYRAqShAJ4pcsQUlWZyE2O/2DS4AQFSyFLqWgCgjwLX
    zvg/OBAu8+bXcSIynMFyjx4=
    =rpeB
    -----END PGP SIGNATURE-----
    ------------------------------------------------------------------------


    We are signing the Consensus newsletter
    with PGP. The new SANS PGP key is posted at:
    http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
    also be accessed from the SANS Web site (http://www.sans.org).

    Missed an issue? You can find all back issues of Security Alert
    Consensus (and Security Express) online.
    http://archives.neohapsis.com/

    Your opinion counts. We'd like to hear your thoughts on Security Alert
    Consensus. E-mail any questions or comments to <consensusnwc.com>.

    Copyright (c) 2002 Network Computing, a CMP Media LLC
    publication. All Rights Reserved. Distributed by Network
    Computing (http://www.networkcomputing.com) and The SANS Institute
    (http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
    security assessment and integration services consulting group
    (infoneohapsis.com | http://www.neohapsis.com/).