Security Alert Consensus #013

From: Network Computing and The SANS Institute (sans+ZZ65272627839787701sans.org)
Date: Thu Apr 03 2003 - 15:41:00 CST


Re: Your personalized newsletter

                 -- Security Alert Consensus --
                       Number 013 (03.13)
                  Thursday, April 3, 2003
                       Created for you by
            Network Computing and the SANS Institute
                      Powered by Neohapsis

----------------------------------------------------------------------

Welcome to the latest edition of Security Alert Consensus! Below
you should find information pertaining only to the categories you
requested. Information on how to manage your subscription can be found
at the bottom of the newsletter. If you have any problems or questions,
please e-mail us at <consensusnwc.com>.

************************* Begin Advertisement ************************

This issue sponsored by SPI Dynamics.

FREE White Paper: "Outsmart the Top 10 Web Application Attacks!"
Learn why 70% of today's successful hacks involve Web Application
attacks such as: SQL Injection, XSS, Cookie Manipulation,
and Parameter Manipulation.
All undetectable by Firewalls and IDS!
Download *FREE* white paper from SPI Dynamics for a complete
guide to protection!
http://www.spidynamics.com/mktg/webappsecurity82

************************** End Advertisement *************************

If you've already scrambled to fix the Sendmail vulnerability we
reported last week, well guess what: You have to do it all over
again. A new Sendmail vulnerability was found and it requires yet
another upgrade. The new vulnerability is reported as item {03.13.006}.

It seems the final nail potentially has been placed into the coffin of
Windows NT. Last week, Microsoft released security bulletin MS03-010,
which details how anyone with access to port 135 can crash the RPC
endpoint mapper service, thereby taking down all RPC functionality and
some COM functionality, too. According to Microsoft, the Windows
NT architecture has proven unable to accommodate a fix; thus,
Windows NT systems are just going to have to go on being vulnerable,
indefinitely. This leaves a large threat to internal Windows NT
systems, particularly older domain controllers and WINS servers that
have not been migrated to Windows 2000 or later. Let's just hope the
next big Internet worm that manages to slither into private networks
doesn't tickle this vulnerability, since there's no way to defend
against it. More information is reported in item {03.13.017}.

Until next week,
--Security Alert Consensus Team

************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TABLE OF CONTENTS:

{03.13.017} Win - MS03-010: RPC endpoint mapper DoS
{03.13.018} Win - QuickTime player URL overflow
{03.13.023} Win - JWalk application server Web root escaping
{03.13.025} Win - Sambar sample CGI vulnerabilities
{03.13.029} Win - HP Instant TopTools infinite loop DoS
{03.13.001} Linux - Update {03.04.005}: dhcprelay invalid BOOTP packet
            flood/DoS
{03.13.003} Linux - Red Hat 9 vsftpd does not use tcp_wrappers
{03.13.004} Linux - Update {03.08.017}: Terminal escape sequence
            vulnerabilities
{03.13.005} Linux - Update {03.12.009}: Mutt IMAP client folder overflow
{03.13.009} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
            vulnerability
{03.13.011} Linux - Update {03.11.009}: Samba packet reassembly overflow
{03.13.015} Linux - Update {03.12.020}: apcupsd multiple vulnerabilities
{03.13.016} Linux - Update {03.11.024}: Kerberos v4 protocol weaknesses
{03.13.020} Linux - Update {03.08.001}: OpenSSL timing attack info leak
{03.13.021} Linux - Update {03.10.013}: lprm local buffer overflow
{03.13.014} BSD - Update {03.10.025}: zlib gzprintf overflow
{03.13.012} Sol - dtsession HOME environment variable overflow
{03.13.013} Sol - lpstat/lpq bsd_queue() overflow
{03.13.022} SGI - IRIX FTP server updates
{03.13.024} NetDev - Axis video/camera server multiple CGI
            vulnerabilities
{03.13.002} Cross - Update {03.11.010}: OpenSSL timing attack/private
            key disclosure
{03.13.006} Cross - Sendmail address parsing extended character overflow
{03.13.007} Cross - Vulnerable PHP applications 04/01
{03.13.008} Cross - RealPlayer PNG deflate heap overflow
{03.13.010} Cross - Update {03.12.004}: xdrmem getbytes RPC overflow
{03.13.019} Cross - Apache 2.0.45 released, fixes DoS and fd leak
{03.13.026} Cross - listar/ecartis unauthorized password change
{03.13.027} Cross - Snort SYN/FIN/ECN packets ignored
{03.13.028} Cross - Eye of Gnome parameter format string vulnerability
{03.13.030} Cross - SAP DB world-writable files

- --- Windows News -------------------------------------------------------

*** {03.13.017} Win - MS03-010: RPC endpoint mapper DoS

Microsoft released MS03-010 ("RPC endpoint mapper DoS"). The RPC
endpoint mapper, which listens via port 135 on Windows NT, 2000 and
XP, can be caused to fail, thereby leading to a denial of service if
an attacker sends a particular malformed packet to the service.

Important: Because of architectural limitations, Windows NT will
NOT be fixed. This means that anyone able to access port 135 on your
Windows NT machine can disrupt all RPC and COM functionality.

FAQ and patch:
http://www.microsoft.com/technet/security/bulletin/MS03-010.asp

Source: Microsoft
http://archives.neohapsis.com/archives/microsoft/2003-q1/0013.html

*** {03.13.018} Win - QuickTime player URL overflow

Apple's QuickTime player versions prior to version 6.1 have a remotely
exploitable buffer overflow in the handling of quicktime:// URLs. It
allows a malicious Web site to execute arbitrary code on the user's
system.

This vulnerability is confirmed and fixed in version 6.1.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html

*** {03.13.023} Win - JWalk application server Web root escaping

The JWalk application server version 3.2C9 allows remote attackers
to access files outside the Web root by using an encoded '..' request
variant.

The advisory indicates vendor confirmation and a fix in version 3.3c4.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0357.html

*** {03.13.025} Win - Sambar sample CGI vulnerabilities

The Sambar Web server version 5.3 reportedly contains multiple
vulnerabilities in the various sample/default CGIs: path disclosure;
cross-site scripting; and environment information leakage.

These vulnerabilities are not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0155.html

*** {03.13.029} Win - HP Instant TopTools infinite loop DoS

HP's Instant TopTools prior to version 5.55 includes a Web server
running on port 280. By submitting a particular recursive request,
the server can be placed in an infinite loop, thereby causing a denial
of service.

This vulnerability is confirmed and fixed in version 5.55.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html

- --- Linux News ---------------------------------------------------------

*** {03.13.001} Linux - Update {03.04.005}: dhcprelay invalid BOOTP
                packet flood/DoS

Red Hat released updated dhcpd packages, which fix the vulnerability
discussed in {03.04.005} ("dhcprelay invalid BOOTP packet flood/DoS").

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0089.html

*** {03.13.003} Linux - Red Hat 9 vsftpd does not use tcp_wrappers

Red Hat released an advisory indicating the Red Hat 9 vsftpd RPM
does not use tcp_wrappers, thereby causing it to ignore security
configurations.

Updated RPMs are listed at the reference URL below.

Source: Red Hat
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0003.html

*** {03.13.004} Linux - Update {03.08.017}: Terminal escape sequence
                vulnerabilities

Mandrake released updated eterm packages, which fix the vulnerability
discussed in {03.08.017} ("Terminal escape sequence vulnerabilities").

Updated RPMs are listed at the reference URL below.

Source: Mandrake
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0010.html

*** {03.13.005} Linux - Update {03.12.009}: Mutt IMAP client folder
                overflow

Mandrake and Debian released updated Mutt packages, which fix the
vulnerability discussed in {03.12.009} ("Mutt IMAP client folder
overflow").

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0011.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/1002.html

Source: Mandrake, Debian
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0011.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/1002.html

*** {03.13.009} Linux - Update {03.11.005}: Linux 2.2/2.4 ptrace
                vulnerability

Mandrake and Debian released updated kernel packages, which fix
the vulnerability discussed in {03.11.005} ("Linux 2.2/2.4 ptrace
vulnerability").

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0216.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0217.html

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0986.html

Source: Mandrake, Debian
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0216.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q1/0217.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0986.html

*** {03.13.011} Linux - Update {03.11.009}: Samba packet reassembly
                overflow

Slackware and Immunix released updated samba packages, which fix
the vulnerability discussed in {03.11.009} ("Samba packet reassembly
overflow").

Slackware update information:
http://archives.neohapsis.com/archives/bugtraq/2003-03/0455.html

Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0076.html

Source: Slackware (SF Bugtraq), Immunix
http://archives.neohapsis.com/archives/bugtraq/2003-03/0455.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0076.html

*** {03.13.015} Linux - Update {03.12.020}: apcupsd multiple
                vulnerabilities

SuSE released updated apcupsd packages, which fix the vulnerabilities
discussed in {03.12.020} ("apcupsd multiple vulnerabilities").

Updated RPMs are listed at the reference URL below.

Source: SuSE
http://archives.neohapsis.com/archives/linux/suse/2003-q1/0895.html

*** {03.13.016} Linux - Update {03.11.024}: Kerberos v4 protocol
                weaknesses

Multiple vendors released updated packages that fix the vulnerability
discussed in {03.11.024} ("Kerberos v4 protocol weaknesses").

Updated Debian DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0951.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0968.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0084.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0013.html

Source: Debian, Red Hat, Mandrake
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0951.html
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0968.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0084.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0013.html

*** {03.13.020} Linux - Update {03.08.001}: OpenSSL timing attack info
                leak

Updated stunnel versions were released. They fix the vulnerability
discussed in {03.08.001} ("OpenSSL timing attack info leak").

Updates are available at:
http://www.stunnel.org/

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0327.html

*** {03.13.021} Linux - Update {03.10.013}: lprm local buffer overflow

Debian released updated lpr packages, which fix the vulnerability
discussed in {03.10.013} ("lprm local buffer overflow").

Updated DEBs are listed at the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0953.html

- --- BSD News -----------------------------------------------------------

*** {03.13.014} BSD - Update {03.10.025}: zlib gzprintf overflow

NetBSD released an advisory about the vulnerability discussed in
{03.10.025} ("zlib gzprintf overflow").

NetBSD CVS branches as of Mar. 6, 2003, contain the fix.

Source: NetBSD
http://archives.neohapsis.com/archives/netbsd/2003-q1/0081.html

- --- Solaris News -------------------------------------------------------

*** {03.13.012} Sol - dtsession HOME environment variable overflow

The CDE dtsession management utility improperly handles a large HOME
environment variable, thereby causing a buffer overflow that can
allow a local attacker to execute code with root privileges.

This vulnerability is confirmed. The following patches were released:
Solaris 2.67: 106027-12
Solaris 2.6_x86: 106028-12
Solaris 7: 107702-12
Solaris 7_x86: 107703-12
Solaris 8: 109354-19
Solaris 8_x86: 109355-18
Solaris 9: 114497-01
Solaris 9_x86: 114498-01

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html

*** {03.13.013} Sol - lpstat/lpq bsd_queue() overflow

The lpstat/lpq utility on Solaris 2.7 and 7 contains a locally
exploitable buffer overflow in the bsd_queue() function that allows
an attacker to execute arbitrary code with root privileges.

The vendor confirmed this vulnerability and released patches:
Solaris 2.6: 106235-12
Solaris 2.6_x86: 106236-12
Solaris 7: 107115-12
Solaris 7_x86: 107116-12

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html

- --- SGI News -----------------------------------------------------------

*** {03.13.022} SGI - IRIX FTP server updates

SGI released updates for IRIX 6.5.0 through 6.5.19 for various FTP
server vulnerabilities found over three years ago.

Full patch information is available at the reference URL below.

Source: SGI
http://archives.neohapsis.com/archives/vendor/2003-q1/0095.html

- --- Network Devices News -----------------------------------------------

*** {03.13.024} NetDev - Axis video/camera server multiple CGI
                vulnerabilities

Various Axis video and camera devices contain multiple CGI
vulnerabilities that allow a remote attacker to view the system log
and manipulate the local file system.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html

- --- Cross-Platform News ------------------------------------------------

*** {03.13.002} Cross - Update {03.11.010}: OpenSSL timing
                attack/private key disclosure

Multiple vendors released updated OpenSSL packages, which fix the
vulnerability discussed in {03.11.010} ("OpenSSL timing attack/private
key disclosure").

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0001.html

NetBSD CVS branches as of Mar. 21, 2003, contain the fix.

Updated Trustix RPMs:
http://archives.neohapsis.com/archives/bugtraq/2003-03/0400.html

Updated Immunix RPMs:
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0075.html

Source: Red Hat, NetBSD, Trustix (SF Bugtraq), Immunix
http://archives.neohapsis.com/archives/linux/redhat/2003-q2/0001.html
http://archives.neohapsis.com/archives/netbsd/2003-q1/0083.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0400.html
http://archives.neohapsis.com/archives/linux/immunix/2003-q1/0075.html

*** {03.13.006} Cross - Sendmail address parsing extended character
                overflow

Another address parsing buffer overflow was found in Sendmail versions
prior to 8.12.9 and 8.11.7.

Updated source code can be downloaded from:
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.7.tar.gz

OpenBSD patch information:
http://archives.neohapsis.com/archives/openbsd/2003-03/2532.html

Updated Red Hat RPMs:
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0088.html

Updated SuSE RPMs:
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0004.html

Updated Mandrake RPMs:
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0012.html

Slackware update information:
http://archives.neohapsis.com/archives/bugtraq/2003-03/0454.html

FreeBSD CVS branches as of Mar. 29, 2003, contain a fix.

Source: Sendmail, OpenBSD, Red Hat, SuSE, Mandrake, SecurityFocus
Bugtraq, FreeBSD
http://archives.neohapsis.com/archives/sendmail/2003-q1/0002.html
http://archives.neohapsis.com/archives/sendmail/2003-q1/0003.html
http://archives.neohapsis.com/archives/openbsd/2003-03/2532.html
http://archives.neohapsis.com/archives/linux/redhat/2003-q1/0088.html
http://archives.neohapsis.com/archives/linux/suse/2003-q2/0004.html
http://archives.neohapsis.com/archives/linux/mandrake/2003-q2/0012.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0454.html
http://archives.neohapsis.com/archives/freebsd/2003-03/0268.html

*** {03.13.007} Cross - Vulnerable PHP applications 04/01

The following is a list of reportedly vulnerable third-party PHP CGI
applications. These vulnerabilities are not confirmed.

Beanwebb 1.0: admin access; cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-03/0448.html

Justice Guestbook 1.3: path disclosure; cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-03/0449.html

ScozBook 1.1: path disclosure; cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-03/0450.html

PHP-Nuke block-Forums.php: cross-site scripting
http://archives.neohapsis.com/archives/bugtraq/2003-03/0469.html

Xonix News 1.0: arbitrary script execution
http://archives.neohapsis.com/archives/bugtraq/2003-03/0474.html

Post-Nuke 0.7.2.3: path disclosure
http://archives.neohapsis.com/archives/bugtraq/2003-03/0424.html

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0448.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0449.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0450.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0469.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0474.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0424.html

*** {03.13.008} Cross - RealPlayer PNG deflate heap overflow

Various versions of RealPlayer and RealOne Player for Windows and
Mac OS are vulnerable to a buffer overflow in the decompressing of
PNG graphics. This leads to the remote execution of arbitrary code
by a malicious e-mail or Web server.

This vulnerability is confirmed. Updates are available at:
http://service.real.com/help/faq/security/securityupdate_march2003.html

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html

*** {03.13.010} Cross - Update {03.12.004}: xdrmem getbytes RPC overflow

Multiple vendors released updated packages, which fix the vulnerability
discussed in {03.12.004} ("xdrmem getbytes RPC overflow").

Updated Debian dietlibc DEBs:
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0998.html

NetBSD CVS branches as of Mar. 21, 2003, contain a fix.

Updated Trustix glibc RPMs:
http://archives.neohapsis.com/archives/bugtraq/2003-03/0411.html

HP-UX and Tru64 update information:
http://archives.neohapsis.com/archives/compaq/2003-q2/0001.html
http://archives.neohapsis.com/archives/compaq/2003-q2/0002.html

Source: Debian, NetBSD, Trustix (SF Bugtraq), HP
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0998.html
http://archives.neohapsis.com/archives/netbsd/2003-q1/0084.html
http://archives.neohapsis.com/archives/bugtraq/2003-03/0411.html
http://archives.neohapsis.com/archives/compaq/2003-q2/0001.html
http://archives.neohapsis.com/archives/compaq/2003-q2/0002.html

*** {03.13.019} Cross - Apache 2.0.45 released, fixes DoS and fd leak

Apache version 2.0.45 was released. This latest version fixes two
security-related problems: a yet-to-be-disclosed denial of service
attack and a bug that causes open file descriptors to be leaked to
CGI processes.

The latest source can be downloaded from:
http://www.apache.org/dist/httpd/

Source: Apache
http://archives.neohapsis.com/archives/apache/2003/0001.html

*** {03.13.026} Cross - listar/ecartis unauthorized password change

The listar/ecartis mailing list management suite allows a remote
attacker to change arbitrary mailing list user passwords.

This vulnerability is confirmed. Updated Debian DEBs are listed at
the reference URL below.

Source: Debian
http://archives.neohapsis.com/archives/linux/debian/2003-q1/0989.html

*** {03.13.027} Cross - Snort SYN/FIN/ECN packets ignored

Snort version 1.9.1 does not properly log packets having the SYN,
FIN and ECN echo bits set, potentially allowing certain DoS attacks
and port scans to go undetected.

This vulnerability is confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0422.html

*** {03.13.028} Cross - Eye of Gnome parameter format string
                vulnerability

The Gnome suite's "Eye of Gnome" image viewer versions 2.2.0 and
prior contain a format string vulnerability in the handling of
command-line parameters, potentially allowing a malicious e-mail
to execute arbitrary code if the EOG viewer is used to view e-mail
graphic attachments.

This vulnerability is confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html

*** {03.13.030} Cross - SAP DB world-writable files

The SAPDB version 7.4 RPMs distributed by SAP incorrectly set two
server binaries as world-writable, potentially allowing a local
attacker to gain elevated privileges.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0465.html

************************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org

iD8DBQE+jKP3+LUG5KFpTkYRAmQrAJ9SihmbjIX8dWxcqvlTbSEDOpLlggCfXyoa
ofepaiuoOxLKLX8WCTxAzdI=
=bITo
-----END PGP SIGNATURE-----
------------------------------------------------------------------------

Become a Security Alert Consensus member! If this e-mail was passed
to you and you would like to begin receiving our security e-mail
newsletter on a weekly basis, we invite you to subscribe today.
http://www.sans.org/sansnews/

We are signing the Consensus newsletter with PGP. The new SANS PGP
key is posted at:
http://www.pgp.net:11371/pks/lookup?op=get&search=0xA1694E46 and can
also be accessed from the SANS Web site (http://www.sans.org).

Special Note: To better secure your confidential information,
we will no longer include personal URLs in our Consensus
newsletter mailings. Instead, we have created a new form
(http://www.sans.org/sansurl). On this form you can enter the SD
number located near your name at the top of the newsletter. When you
submit this form, an e-mail containing a URL will be sent to you at
the e-mail address on record. With this URL you can make changes to
your account (edit the content of your Consensus mailing, for example)
without endangering the security of your personal URL. If you'd like
to change your e-mail address or other information, please visit your
new URL as described above. If you have any problems or questions,
e-mail us at <consensusnwc.com>.

If you would like to unsubscribe from this newsletter, grab your SD
number (next to your name at the top of this message) and visit the
URL below. You will be sent a personal URL via E-mail, from which
you can unsubscribe. http://www.sans.org/sansurl

Missed an issue? You can find back issues of Security Alert Consensus
(and other SANS newsletters) online. http://www.sans.org/newsletters

Your opinion counts. We'd like to hear your thoughts on Security Alert
Consensus. E-mail any questions or comments to <consensusnwc.com>.

Copyright (c) 2003 Network Computing, a CMP Media LLC
publication. All Rights Reserved. Distributed by Network
Computing (http://www.networkcomputing.com) and The SANS Institute
(http://www.sans.org). Powered by Neohapsis Inc., a Chicago-based
security assessment and integration services consulting group
(infoneohapsis.com | http://www.neohapsis.com/).