ISS Security Alert Summary AS03-50

From: X-Force (xforce_at_iss.net)
Date: 12/15/03

  • Next message: Beatie, Breck (ISSMountain View): "RE: Values to use for a salt?"
    To: alert@iss.net
    Date: Mon, 15 Dec 2003 14:13:02 -0500 (EST)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert Summary AS03-50
    December 15, 2003

    X-Force Vulnerability and Threat Database:
    http://xforce.iss.net/

    To receive these Alert Summaries, as well as other Alerts and
    Advisories, subscribe to the Internet Security Systems Alert
    mailing list at:
    https://atla-mm1.iss.net/mailman/listinfo/alert

    This summary is available at the following address:
    http://xforce.iss.net/xforce/alerts/id/AS03-50
    _____
    Contents:
    * 55 Reported Vulnerabilities
    * Risk Factor Key
    _____

    Date Reported: 12/05/2003
    Brief Description: Jason's Guestbook metacharacter cross-site
                        scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Jason's Guestbook 3.0, Linux Any version, Unix Any
                        version, Windows Any version
    Vulnerability: guestbook-metacharacter-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13912

    Date Reported: 12/05/2003
    Brief Description: CDE dtprintinfo print viewer allows elevated
                        privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Common Desktop Environment (CDE) Any version,
                        Common Desktop Environment (CDE) Any version,
                        Common Desktop Environment (CDE) Any version,
                        Solaris 2.6, Solaris 7, Solaris 8, Solaris 9
    Vulnerability: cde-dtprintinfo-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13914

    Date Reported: 12/04/2003
    Brief Description: Novell NetWare NFS Server allows unauthorized
                        access to shares
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Novell NetWare 6.5, Novell NetWare NFS Server prior
                        to 1.01.08
    Vulnerability: netware-nfs-share-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13915

    Date Reported: 12/05/2003
    Brief Description: Yahoo! Messenger IMVironment cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Windows Me, Windows XP, Yahoo! Messenger 5.5 b1249,
                        Yahoo! Messenger 5.6 b1355
    Vulnerability: yahoo-messenger-imvironment-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13916

    Date Reported: 12/08/2003
    Brief Description: Abyss Web Server directory password bypass
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Abyss Web Server Prior to 1.2, Linux Any version
    Vulnerability: abyss-directory-password-bypass
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13917

    Date Reported: 12/05/2003
    Brief Description: VP-ASP shopdisplayproducts.asp cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, VP-ASP prior
                        to 4.5, Windows Any version
    Vulnerability: vpasp-shopdisplayproducts-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13918

    Date Reported: 12/04/2003
    Brief Description: 4inarow PATH environment variable allows elevated
                        privileges
    Risk Factor: High
    Attack Type: Host Based
    Platforms: 4inarow Any version, Linux Any version
    Vulnerability: 4inarow-path-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13919

    Date Reported: 12/04/2003
    Brief Description: 4inarow sscanf buffer overflow
    Risk Factor: High
    Attack Type: Host Based
    Platforms: 4inarow Any version, Linux Any version, Unix Any
                        version
    Vulnerability: 4inarow-sscanf-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13920

    Date Reported: 12/05/2003
    Brief Description: Sun StorEdge improper ELNRNG message return
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Solaris 8, Solaris 9, Sun StorEdge Performance
                        Suite 4.0, Sun StorEdge Utilization Suite 4.0
    Vulnerability: storedge-elnrng-msg-return
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13921

    Date Reported: 12/07/2003
    Brief Description: Land Down Under auth.php SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Land Down Under
                        601
    Vulnerability: landdownunder-auth-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13922

    Date Reported: 12/07/2003
    Brief Description: WebEye Video Server information disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: WebEye Video Server Any version, Windows Any
                        version
    Vulnerability: webeye-obtain-information
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13923

    Date Reported: 12/05/2003
    Brief Description: XOOPS banners.php SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, Windows Any
                        version, XOOPS 1.3.x, XOOPS 2.0.X through 2.0.5
    Vulnerability: xoops-bannersphp-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13924

    Date Reported: 12/06/2003
    Brief Description: cdwrite creates insecure temporary files
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: cdwrite 1.3, Linux Any version, Unix Any version
    Vulnerability: cdwrite-tmpfile-insecure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13925

    Date Reported: 12/05/2003
    Brief Description: XOOPS edituser.php and imagemanager.php scripts SQL
                        injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Unix Any version, Windows Any
                        version, XOOPS 1.3.x, XOOPS 2.0.X through 2.0.5
    Vulnerability: xoops-multiplescripts-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13926

    Date Reported: 12/07/2003
    Brief Description: eZ software eZnet.exe buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: eZ 3.5 and earlier, Windows Any version
    Vulnerability: ezsoftware-eznetexe-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13928

    Date Reported: 12/08/2003
    Brief Description: CVS malformed module file manipulation
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: CVS (Concurrent Versions System) prior to 1.11.10,
                        CVS (Concurrent Versions System) prior to 1.11.10,
                        CVS (Concurrent Versions System) prior to 1.11.10,
                        Gentoo Linux Any version, Mandrake Linux 9.1,
                        Mandrake Linux 9.2, Slackware Linux 8.0, Slackware
                        Linux 9.0, Slackware Linux 9.1, Slackware Linux
                        current, Unix Any version, Windows NT Any version
    Vulnerability: cvs-module-file-manipulation
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13929

    Date Reported: 12/09/2003
    Brief Description: snif path cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, snif 1.2.6
    Vulnerability: snif-path-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13930

    Date Reported: 12/09/2003
    Brief Description: Ben's Guestbook comments field cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Ben's Guestbook 1.0, Linux Any version, Unix Any
                        version
    Vulnerability: bensguestbook-comments-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13931

    Date Reported: 12/09/2003
    Brief Description: Mantis cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Mac OS Any version, Mantis prior to 0.18.0, OS/2
                        Any version, Unix Any version, Windows Any version
    Vulnerability: mantis-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13932

    Date Reported: 12/02/2003
    Brief Description: Linux kernel concurrent events denial of service
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Fedora Core 1, Linux kernel 2.4.22 and earlier
    Vulnerability: linux-concurrent-event-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13933

    Date Reported: 12/08/2003
    Brief Description: BNCweb BNCquery.pl script information disclosure
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: BNCweb Any version, Linux Any version, Mac OS X Any
                        version, Unix Any version
    Vulnerability: bncweb-bncquery-view-files
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13934

    Date Reported: 12/09/2003
    Brief Description: Microsoft Internet Explorer domain URL spoofing
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Microsoft Internet Explorer 6.0.2800.1106, Windows
                        Any version
    Vulnerability: ie-domain-url-spoofing
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13935

    Date Reported: 12/09/2003
    Brief Description: @Mail WebMail System showmail.pl email access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: @Mail WebMail System 3.52 Demo, Windows 2000
                        Advanced Server, Windows 2000 Any version, Windows
                        NT Any version, Windows XP Any version
    Vulnerability: atmailwebmailsystem-showmail-email-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13936

    Date Reported: 12/09/2003
    Brief Description: Multiple vendor XML/SOAP HTTP server SOAP request
                        denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: ColdFusion MX 6.0, ColdFusion MX 6.1, IBM WebSphere
                        5.0.0, IBM WebSphere 5.0.1, IBM WebSphere 5.0.2,
                        IBM WebSphere 5.0.2.1, JRun 4.0, Linux Any version,
                        Microsoft .NET Framework 1.0, Microsoft .NET
                        Framework 1.1, Windows Any version
    Vulnerability: xml-soap-request-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13937

    Date Reported: 12/09/2003
    Brief Description: @Mail WebMail System atmail.pl, search.pl, and
                        reademail.pl scripts SQL injection
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: @Mail WebMail System 3.52 Demo, Windows 2000
                        Advanced Server, Windows 2000 Any version, Windows
                        NT Any version, Windows XP Any version
    Vulnerability: atmailwebmailsystem-multiple-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13938

    Date Reported: 12/09/2003
    Brief Description: @Mail session hijack
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: @Mail WebMail System 3.52 Demo, Windows 2000
                        Advanced Server, Windows 2000 Any version, Windows
                        NT Any version, Windows XP Any version
    Vulnerability: atmail-session-hijack
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13939

    Date Reported: 12/09/2003
    Brief Description: @Mail showmail.pl cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: @Mail WebMail System 3.52 Demo, Windows 2000
                        Advanced Server, Windows 2000 Any version, Windows
                        NT Any version, Windows XP Any version
    Vulnerability: atmail-showmailpl-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13940

    Date Reported: 12/05/2003
    Brief Description: NetScreen ScreenOS allows access to timed out
                        session
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: NetScreen Any version, ScreenOS prior to 5.0
    Vulnerability: netscreen-screenos-session-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13942

    Date Reported: 12/04/2003
    Brief Description: Linux kernel RTC memory link
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: Linux kernel 2.4.22 and earlier, SuSE eMail Server
                        3.1, SuSE eMail Server III Any version, SuSE Linux
                        7.3, SuSE Linux 8.0, SuSE Linux 8.1, SuSE Linux
                        8.2, SuSE Linux 9.0, SuSE Linux Database Server Any
                        version, SuSE Linux Desktop 1.0, SuSE Linux
                        Enterprise Server 7, SuSE Linux Firewall Any
                        version, SuSE Linux Office Server Any version, SuSE
                        Linux School Server Any version
    Vulnerability: linux-rtc-memory-leak
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13943

    Date Reported: 12/10/2003
    Brief Description: Sybase SQL Anywhere Studio format string
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Sybase SQL Anywhere Studio 9, Windows 2000 Any
                        version, Windows XP Any version
    Vulnerability: sybase-sqlanywherestudio-format-string
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13944

    Date Reported: 12/10/2003
    Brief Description: Cisco ACNS long password buffer overflow
    Risk Factor: High
    Attack Type: Network Based
    Platforms: ACNS prior to 4.2.11, ACNS prior to 5.0.5
    Vulnerability: cisco-acns-password-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13945

    Date Reported: 12/10/2003
    Brief Description: VisitorBook line break denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Unix Any version, VisitorBook any version
    Vulnerability: visitorbook-line-break-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13946

    Date Reported: 12/10/2003
    Brief Description: Cisco Unity has default user account and IP
                        addresses
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Cisco Unity Any version
    Vulnerability: cisco-unity-default-account
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13947

    Date Reported: 12/10/2003
    Brief Description: VisitorBook 'do' cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Unix Any version, VisitorBook any version
    Vulnerability: visitorbook-do-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13948

    Date Reported: 12/10/2003
    Brief Description: VisitorBook open mail relay
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Unix Any version, VisitorBook any version
    Vulnerability: visitorbook-open-mail-relay
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13949

    Date Reported: 12/10/2003
    Brief Description: Sybase SQL Anywhere Studio multiple buffer
                        overflows
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Sybase SQL Anywhere Studio 9, Windows 2000 Any
                        version, Windows XP Any version
    Vulnerability: sybase-sqlanywherestudio-multiple-bo
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13950

    Date Reported: 12/10/2003
    Brief Description: Sybase SQL Anywhere Studio denial of service in
                        multiple functions
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Sybase SQL Anywhere Studio 9, Windows 2000 Any
                        version, Windows XP Any version
    Vulnerability: sybase-sqlanywherestudio-multiple-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13951

    Date Reported: 12/10/2003
    Brief Description: Sun Solaris Text Editor ed(1) creates insecure
                        temporary files
    Risk Factor: High
    Attack Type: Host Based
    Platforms: Solaris 2.6, Solaris 7, Solaris 8
    Vulnerability: solaris-ed1-tmpfile-insecure
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13952

    Date Reported: 12/09/2003
    Brief Description: NETGEAR WAB102 allows unauthorized access
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: NETGEAR WAB102 1.2.3
    Vulnerability: netgear-wab102-unauth-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13953

    Date Reported: 12/09/2003
    Brief Description: NETGEAR WAB102 could reset to default password
                        after power outage
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: NETGEAR WAB102 1.2.3
    Vulnerability: netgear-wab102-password-reset
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13954

    Date Reported: 12/11/2003
    Brief Description: sipd gethostbyname_r denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: Linux Any version, sipd 0.1.2
    Vulnerability: sipd-gethostbyname-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13958

    Date Reported: 12/11/2003
    Brief Description: Mambo Site Server articles.php SQL injection
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, Mac OS X Any version, Mambo Site
                        Server 4.0.14, Solaris Any version, Windows Any
                        version
    Vulnerability: mambo-articlesphp-sql-injection
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13959

    Date Reported: 12/10/2003
    Brief Description: FlashGet stores user passwords in plain text in
                        Windows registry
    Risk Factor: Medium
    Attack Type: Host Based
    Platforms: FlashGet 0.9 through 1.2, Windows Any version
    Vulnerability: flashget-registry-plaintext-password
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13960

    Date Reported: 12/10/2003
    Brief Description: Mambo Site Server regglobals.php modify
                        configuration variables
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Mac OS X Any version, Mambo Site
                        Server 4.0.14, Solaris Any version, Windows Any
                        version
    Vulnerability: Mambo-regglobals-configuration-modify
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13961

    Date Reported: 12/10/2003
    Brief Description: Mambo Site Server user.php allows data modification
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Linux Any version, Mac OS X Any version, Mambo Site
                        Server 4.5 Beta 1.0.3, Solaris Any version, Windows
                        Any version
    Vulnerability: mambo-user-modify-data
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13962

    Date Reported: 12/11/2003
    Brief Description: Cyclonic WebMail sids subfolder session hijack
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Cyclonic WebMail 4, Linux Any version, Unix Any
                        version
    Vulnerability: cyclonic-sids-session-hijack
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13964

    Date Reported: 12/10/2003
    Brief Description: Cyclonic WebMail allows access to stored email file
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Cyclonic WebMail 4, Linux Any version, Unix Any
                        version
    Vulnerability: cyclonicwebmail-email-file-access
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13966

    Date Reported: 12/10/2003
    Brief Description: VisitorBook reverse DNS lookup spoofing
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Unix Any version, VisitorBook any version
    Vulnerability: visitorbook-reverse-dns-spoofing
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13967

    Date Reported: 12/10/2003
    Brief Description: Cyclonic WebMail spoof email messages
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Cyclonic WebMail 4, Linux Any version, Unix Any
                        version
    Vulnerability: cyclonicwebmail-spoof-email
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13968

    Date Reported: 12/11/2003
    Brief Description: Unicenter Remote Control (URC) denial of service
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Unicenter Remote Control 6.0, Windows Any version
    Vulnerability: urc-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13970

    Date Reported: 12/11/2003
    Brief Description: Unicenter Remote Control (URC) help interface
                        allows elevated privileges
    Risk Factor: High
    Attack Type: Network Based
    Platforms: ControlIT Advanced Edition 5.0, ControlIT
                        Enterprise Edition 5.0, ControlIT Enterprise
                        Edition 5.1, Unicenter Remote Control 5.2,
                        Unicenter Remote Control 6.0, Unicenter Remote
                        Control Option 5.0, Unicenter Remote Control Option
                        5.1, Unicenter Remote Control Option German 5.1,
                        Windows 2000 Any version, Windows 2003 Server,
                        Windows NT Any version, Windows XP Any version
    Vulnerability: urc-help-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13971

    Date Reported: 12/12/2003
    Brief Description: Hermes PHP file include
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Hermes prior to
                        0.3.0 beta1
    Vulnerability: hermes-php-file-include
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13972

    Date Reported: 12/10/2003
    Brief Description: irssi denial of service
    Risk Factor: Low
    Attack Type: Network Based
    Platforms: irssi prior to 0.8.9, Linux Any version, Unix Any
                        version
    Vulnerability: irssi-dos
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13973

    Date Reported: 12/07/2003
    Brief Description: NeoStats running on Unreal IRCd server allows
                        elevated privileges
    Risk Factor: High
    Attack Type: Network Based
    Platforms: Linux Any version, NeoStats 2.5.9, Unix Any version
    Vulnerability: neostats-unreal-gain-privileges
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13974

    Date Reported: 12/10/2003
    Brief Description: Web-based Email services cross-site scripting
    Risk Factor: Medium
    Attack Type: Network Based
    Platforms: Any operating system Any version, Excite Email any
                        version, Outblaze Email Any Version, Yahoo! Email
                        any version
    Vulnerability: webbased-email-xss
    X-Force URL: http://xforce.iss.net/xforce/xfdb/13976

    _____

    Risk Factor Key:

         High Security issues that allow immediate remote, or local access
                  or immediate execution of code or commands, with unauthorized
                  privileges. Examples are most buffer overflows, backdoors,
                  default or no password, and bypassing security on firewalls
                  or other network components.
         Medium Security issues that have the potential of granting access or
                  allowing code execution by means of complex or lengthy exploit
                  procedures, or low risk issues applied to major Internet
                  components. Examples are cross-site scripting, man-in-the-middle
                  attacks, SQL injection, denial of service of major applications,
                  and denial of service resulting in system information disclosure
                  (such as core files).
         Low Security issues that deny service or provide non-system
                  information that could be used to formulate structured attacks
                  on a target, but not directly gain unauthorized access. Examples
                  are brute force attacks, non-system information disclosure
                  (configurations, paths, etc.), and denial of service attacks.

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforce@iss.net for
    permission.

    Disclaimer: The information within this paper may change without notice. Internet
    Security Systems provides this information on an AS IS basis with NO warranties,
    implied or otherwise. Any use of this information is at the user's risk. In no event
    shall Internet Security Systems be held liable for any damages whatsoever arising
    out of or in connection with the use or dissemination of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://xforce.iss.net/xforce/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
    xforce@iss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBP94HlDRfJiV99eG9AQHOwgQAo46mSQtVSNBgTdYmPpmJHvmMnic6jHBJ
    F3hCZ1RR2np3eOHDt5HNN3Y/2ILVELKUui8B03GXzqxn+G2sNaGnAg6Zbxe8w47I
    jYqMQXykIckfdaz77LQ2XrcLbdzOFps6m06TCfJlG4NvDNCkVtBGZXtcyz6fF48z
    zfPsgP238HU=
    =YyZp
    -----END PGP SIGNATURE-----


  • Next message: Beatie, Breck (ISSMountain View): "RE: Values to use for a salt?"