From xforce@iss.net Tue Apr 4 05:55:07 2000
From: X-Force
Resent-From: mea culpa
To: alert@iss.net
Resent-To: jericho@attrition.org
Date: Mon, 3 Apr 2000 14:43:05 -0400 (EDT)
Subject: ISSalert: ISS Security Alert Summary: Volume 5 Number 3

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

ISS Security Alert Summary
April 1, 2000
Volume 5 Number 3

X-Force Vulnerability and Threat Database: http://xforce.iss.net/

To receive these Alert Summaries, subscribe to the ISS Alert mailing
list. Send an email to majordomo@iss.net, and within the body of the
message type: 'subscribe alert'.

_____

Contents

33 Reported Vulnerabilities
- windmail-pipe-command
- windmail-fileread
- simpleserver-exception-dos
- linux-domain-socket-dos
- linux-gpm-root
- outlook-manipulate-hidden-drives
- vqserver-dir-traverse
- vqserver-passwd-plaintext
- iis-chunked-encoding-dos
- nav-email-gateway-dos
- netscape-server-directory-indexing
- mercur-webview-get-dos
- officescan-admin-pw-plaintext
- officescan-admin-access
- linux-kreatecd-path
- win-dos-devicename-dos
- wmcdplay-bo
- nt-registry-permissions
- staroffice-scheduler-fileread
- staroffice-scheduler-bo
- iis-root-enum
- mssql-query-abuse
- clipart-cil-bo
- oracle-installer
- linux-rpm-query
- thebat-mua-attach
- irix-infosrch-fname
- linux-dosemu-config
- coldfusion-reveal-pathname
- netscape-enterprise-command-bo
- nmh-execute-code
- htdig-remote-read
- ie-html-shortcut

Risk Factor Key

_____

Date Reported: 3/25/00
Vulnerability: windmail-pipe-command
Platforms Affected: WindMail 3.0
Risk Factor: High
Attack Type: Network Based

WindMail is a command-line email messenger for Windows that can create
mail forms for web sites from CGI scripts.
By issuing an HTTP command that includes the pipe character, an attacker
could execute arbitrary commands on the vulnerable system.

Reference:
Bugtraq Mailing List: "Windmail allow web user get any file"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=20000325224146.6839.qmail@securityfocus.com

_____

Date Reported: 3/25/00
Vulnerability: windmail-fileread
Platforms Affected: WindMail 3.0
Risk Factor: Medium
Attack Type: Network Based

WindMail is a command-line email messenger for Windows that can create
mail forms for web sites from CGI scripts. By sending a
specially-formatted URL, an attacker could retrieve any ASCII file on
the vulnerable system.

Reference:
Bugtraq Mailing List: "Windmail allow web user get any file"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=20000325224146.6839.qmail@securityfocus.com

_____

Date Reported: 3/25/00
Vulnerability: simpleserver-exception-dos
Platforms Affected: SimpleServer WWW 1.03
Risk Factor: Medium
Attack Type: Network/Host Based

AnalogX SimpleServer WWW is a standard web server for Windows. Version
1.03 is vulnerable to a simple denial of service attack. By requesting a
URL with exactly 8 characters following the /cgi-bin/ directory, an
attacker can crash the server, requiring it to be rebooted.

Reference:
Bugtraq Mailing List: "AnalogX SimpleServer 1.03 Remote Crash"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com

_____

Date Reported: 3/23/00
Vulnerability: linux-domain-socket-dos
Platforms Affected: RedHat Linux (6.1, 6.2)
Risk Factor: Medium
Attack Type: Network/Host Based

The Linux kernel is vulnerable to a denial of service attack due to
improper handling of Unix domain sockets. The Unix domain sockets ignore
limits set in wmem_max. A local attacker can crash the system by
creating successive Unix domain sockets, requiring the system to be
rebooted.

Reference:
Bugtraq Mailing List: "Local Denial-of-Service attack against Linux"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000323175509.A23709@clearway.com

_____

Date Reported: 3/22/00
Vulnerability: linux-gpm-root
Platforms Affected: Linux running Global Purpose Mouse
Risk Factor: Low
Attack Type: Host Based

The General Purpose Mouse (gpm) package is a tool to enable the mouse
for cutting and pasting on consoles, which ships with several Linux
distributions. Due to a design flaw in gpm-root, which causes the setgid
call to fail, a local user with console access can obtain the group id
that is running gpm-root (usually root).

Reference:
Bugtraq Mailing List: "gpm-root"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com

_____

Date Reported: 3/22/00
Vulnerability: outlook-manipulate-hidden-drives
Platforms Affected: Microsoft Outlook 98
Risk Factor: Medium
Attack Type: Host Based

Microsoft Outlook contains a vulnerability that would allow a local user
to view hidden drives. In Windows NT, an administrator can hide specific
drives using systems policies, so that they cannot be accessed using My
Computer, Windows NT Explorer, or the command prompt. However, the
Insert File option in Microsoft Outlook reveals the hidden drives,
allowing a user to copy, cut, paste, or delete files.

Reference:
Bugtraq Mailing List: "Hide Drives does not work with OUTLOOK 98"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=20000322151011.2581.qmail@securityfocus.com

_____

Date Reported: 3/21/00
Vulnerability: vqserver-dir-traverse
Platforms Affected: vqSoft's vqServer
Risk Factor: Medium
Attack Type: Network/Host Based

The vqServer program by vqSoft is a Java-based personal web server for
cross-platform environments.
Version 1.9.9 of vqServer, and possibly others, contains a vulnerability
that would allow a user to traverse the directories by appending
/........../ to a URL, then submitting it to the server. This would
allow a remote attacker to access any file on the system.

Reference:
Bugtraq Mailing List: "vqserver /........../"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net

_____

Date Reported: 3/21/00
Vulnerability: vqserver-passwd-plaintext
Platforms Affected: vqSoft's vqServer
Risk Factor: High
Attack Type: Network/Host Based

The vqServer program by vqSoft is a Java-based personal web server for
cross-platform environments. Version 1.9.9 of vqServer, and possibly
others, stores server settings and passwords unencrypted. A remote user
could access the password file, via a directory traversal vulnerability
in the program, to obtain the administrator password and gain
administrative rights to the server.

Reference:
Bugtraq Mailing List: "vqserver /........../"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net

_____

Date Reported: 3/20/00
Vulnerability: iis-chunked-encoding-dos
Platforms Affected: Microsoft Internet Information Server 4.0
Risk Factor: Medium
Attack Type: Network/Host Based

Microsoft Internet Information Server (IIS) 4.0 contains a vulnerability
in its support for chunked encoding transfers, because it does not limit
the size of these transfers. An attacker could consume memory on the
server by requesting a buffer be reserved for an extremely large amount
of data, and then keeping the session open without sending the data. It
is possible for an attacker to consume enough memory to cause the server
to stop functioning properly. The server could be restored by stopping
and restarting the IIS service.

Reference:
Microsoft Security Bulletin (MS00-018): "Patch Available for 'Chunked Encoding Post' Vulnerability"
at: http://www.microsoft.com/technet/security/bulletin/ms00-018.asp

_____

Date Reported: 3/17/00
Vulnerability: nav-email-gateway-dos
Platforms Affected: Norton AntiVirus for Internet Email Gateways
Risk Factor: Medium
Attack Type: Network/Host Based

Norton AntiVirus for Internet Email Gateways is an SMTP agent that scans
email attachments for viruses. It includes a web-based management and
administration interface that uses an embedded web server in the
product. By sending a long URL to the server, a user will overflow a
buffer and crash the program.

Reference:
Bugtraq Mailing List: "DoS with NAVIEG"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us

_____

Date Reported: 3/17/00
Vulnerability: netscape-server-directory-indexing
Platforms Affected: Netscape Enterprise Server (3.0, 3.51, 3.6)
Risk Factor: Medium
Attack Type: Network/Host Based

Netscape Enterprise Server version 3.x contains a feature called
Directory Indexing. This feature, which is enabled by default, displays
a directory listing when a user includes certain tags in a requested
URL. This could allow a remote attacker to gain unauthorized access to
documents or retrieve lists of file names (such as CGI scripts).

Reference:
Bugtraq Mailing List: "[SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com

_____

Date Reported: 3/16/00
Vulnerability: mercur-webview-get-dos
Platforms Affected: Mercur WebView WebMail-Client 1.0
Risk Factor: Medium
Attack Type: Network/Host Based

MERCUR WebView WebMail-Client 1.0 is an add-on to the MERCUR 3.0 mail
server that allows users to read email via a web browser. Due to
improper bounds checking in the GET command on port 1080, a user can
overflow a buffer and cause the WebMail service to crash.

Reference:
Underground Security Systems Research: "Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability"
at: http://www.ussrback.com/labs36.html

_____

Date Reported: 3/16/00
Vulnerability: officescan-admin-pw-plaintext
Platforms Affected: Trend Micro OfficeScan Corporate Edition (3.0, 3.11, 3.13, 3.5)
Risk Factor: High
Attack Type: Network/Host Based

Trend Micro OfficeScan 3.51 and below transmits the administrator
password over the network in cleartext. OfficeScan is anti-virus
software for corporate networks. When configured in the web-based mode
on a Windows NT server, an attacker can use a sniffing program to
intercept the administrator password.

Reference:
Bugtraq Mailing List: "OfficeScan TrendMicro: admin for everybody!"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D0E213.5F0AA04@neurocom.com

_____

Date Reported: 3/16/00
Vulnerability: officescan-admin-access
Platforms Affected: Trend Micro OfficeScan Corporate Edition (3.0, 3.11, 3.13, 3.5)
Risk Factor: High
Attack Type: Network/Host Based

Trend Micro OfficeScan 3.51 and below allows users to perform
administrative tasks without authentication. OfficeScan is anti-virus
software for corporate networks. When configured in the web-based mode
on a Windows NT server, an unauthenticated attacker can use a web
browser to access and execute cgi scripts for administration of the
software across the network.

References:
Bugtraq Mailing List: "OfficeScan TrendMicro: admin for everybody!"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D0E213.5F0AA04@neurocom.com
Bugtraq Mailing List: "Trend Micro releases Patch for 'OfficeScan Unauthenticated CGI Usage' vulnerability"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=D129BBE1730AD2118A0300805FC1C2FE0650E8E6@209-76-212-10.trendmicro.com

_____

Date Reported: 3/16/00
Vulnerability: linux-kreatecd-path
Platforms Affected: SUSE Linux (6.0, 6.1, 6.2, 6.3)
Risk Factor: High
Attack Type: Host Based

The kreatecd package is a graphical front end tool for the cdrecord
command that ships with several Linux distributions. The program is
installed setuid root and is designed to trust the configuration path to
cdrecord. A local attacker could use kreatecd to execute commands as
root.

Reference:
Bugtraq Mailing List: "TESO & C-Skills development advisory -- kreatecd"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=ine.LNX.3.96.1000316143853.257E-200000@ati12.cs.uni-potsdam.de

_____

Date Reported: 3/16/00
Vulnerability: win-dos-devicename-dos
Platforms Affected: Windows 95
                    Windows 98
Risk Factor: Medium
Attack Type: Network Based

Microsoft Windows 95 and 98 contain a vulnerability in the parsing of
file path names. DOS device names, such as COM1 or LPT1, are reserved
words and normally cannot be used as file or directory names. If a user
attempts to access a file path name that includes one DOS device name,
it is treated as invalid, and an error is returned. However, if the path
name includes multiple DOS device names, the machine will crash.

Reference:
Microsoft Security Bulletin (MS00-017): "Patch Available for 'DOS Device in Path Name' Vulnerability"
at: http://www.microsoft.com/technet/security/bulletin/ms00-017.asp

_____

Date Reported: 3/10/00
Vulnerability: wmcdplay-bo
Platforms Affected: wmcdplay
Risk Factor: High
Attack Type: Host Based

The wmcdplay CD player program is vulnerable to a buffer overflow
attack.
A local attacker can pass an argument to overflow the stack, due to
insufficient bounds checking on calls to sprintf. The program is setuid
root, allowing an attacker to gain root privileges by overflowing the
stack and executing arbitrary code on the system.

Reference:
BugTraq mailing list: "wmcdplay Buffer Overflow Vulnerability"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000311143230.4C0C01EE8B@lists.securityfocus.com

_____

Date Reported: 3/9/00
Vulnerability: nt-registry-permissions
Platforms Affected: Microsoft Windows NT 4.0
Risk Factor: High
Attack Type: Host Based

Windows NT 4.0, including the Workstation, Server, and Terminal Server
versions, has some registry permissions that are too permissive. A local
user with access to the machine could potentially increase their access
and cause code to be executed on the machine.

Reference:
Microsoft Security Bulletin (MS00-008): "Patch Available for 'Registry Permissions' Vulnerability"
at: http://www.microsoft.com/technet/security/bulletin/ms00-008.asp

_____

Date Reported: 3/9/00
Vulnerability: staroffice-scheduler-fileread
Platforms Affected: StarOffice 5.1
Risk Factor: Medium
Attack Type: Network Based

StarOffice is an office-productivity suite from Sun Microsystems. The
StarSchedule server, which controls the group scheduling component of
StarOffice, allows an attacker to read files on the server. A remote
user can traverse directories using "../" paths to read any file on the
server through a browser.

Reference:
Bugtraq Mailing List: "[SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38C68FB8.6F234393@relaygroup.com

_____

Date Reported: 3/9/00
Vulnerability: staroffice-scheduler-bo
Platforms Affected: StarOffice 5.1
Risk Factor: High
Attack Type: Network Based

StarOffice is an office-productivity suite from Sun Microsystems.
The StarSchedule server, which controls the group scheduling component
of StarOffice, is vulnerable to a buffer overflow attack. Sending a
large amount of data to the GET command will crash the server, and could
allow an attacker to execute arbitrary code as root.

Reference:
Bugtraq Mailing List: "[SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38C68FB8.6F234393@relaygroup.com

_____

Date Reported: 3/8/00
Vulnerability: iis-root-enum
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Host Based

Microsoft Internet Information Server (IIS) 4.0 and 5.0 disclose paths
of network shares if configured incorrectly. Files of type IDQ, IDA, and
HTX cannot be served from a network share. If a web site administrator
attempts to serve these types of files from network shares, a user who
attempts to access them will receive an error message that discloses the
share path of the file.

Reference:
BugTraq mailing list: "Microsoft IIS UNC Path Disclosure Vulnerability"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=007201bf89dc$a18dd2e0$056fee3f@spis.net

_____

Date Reported: 3/8/00
Vulnerability: mssql-query-abuse
Platforms Affected: Microsoft SQL Server 7.0
                    Microsoft Data Engine 1.0
Risk Factor: High
Attack Type: Network Based

Microsoft SQL Server 7.0 and Microsoft Data Engine 1.0 are vulnerable to
a remote query problem. The server and engine do not perform sufficient
argument validation on particular types of SQL statements. A remote user
who has access to submit queries could take actions on the SQL database
and possibly perform actions on the server itself.

Reference:
Microsoft Security Bulletin (MS00-014): "Patch Available for 'SQL Query Abuse' Vulnerability"
at: http://www.microsoft.com/technet/security/bulletin/ms00-014.asp

_____

Date Reported: 3/6/00
Vulnerability: clipart-cil-bo
Platforms Affected: Microsoft Office 2000
                    Microsoft Works 2000
Risk Factor: High
Attack Type: Host Based

Microsoft Clip Art Gallery, shipped with such packages as Microsoft
Office 2000 and Microsoft Works 2000, contains a possible buffer
overflow in the handling of CIL files. The CIL file format is used for
downloading additional clips for installation into the gallery. If a CIL
file is created with a long field embedded in it, it will overflow the
buffer and crash the Clip Gallery, which could result in the execution
of arbitrary code.

Reference:
Microsoft Security Bulletin (MS00-015): "Patch Available for 'Clip Art Buffer Overrun' Vulnerability"
at: http://www.microsoft.com/technet/security/bulletin/ms00-015.asp

_____

Date Reported: 3/5/00
Vulnerability: oracle-installer
Platforms Affected: Oracle 8.1.5i
Risk Factor: High
Attack Type: Host Based

The installation program for Oracle 8.1.5i contains a vulnerability that
could allow an attacker to gain root access. The Oracle installation
script creates the directory /tmp/orainstall, owned by oracle:dba, mode
711, containing the shell script orainstRoot.sh, mode 777. Then, the
installation program stops and asks the user to run the orainstRoot.sh
script. An attacker could create a symbolic link from this file to
elsewhere on the file system, which could be used to create an .rhosts
file and gain access to the root account. A local user could also edit
this script to execute arbitrary commands when run by root.

Reference:
BugTraq Mailing List: "Oracle for Linux Installer Vulnerability"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.10.10003051801030.22289-100000@obscurity.org

_____

Date Reported: 3/3/00
Vulnerability: linux-rpm-query
Platforms Affected: Caldera OpenLinux 2.3
Risk Factor: Medium
Attack Type: Network Based

Caldera OpenLinux 2.3 contains a vulnerability in the rpm_query CGI. The
rpm_query CGI is installed in the /home/httpd/cgi-bin/ directory. A
remote user could run this CGI to obtain a listing of the name and
version number of every package installed on the system.

Reference:
BugTraq mailing list: "Caldera OpenLinux 2.3 rpm_query CGI Vulnerability"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0003041204220.6797-100000@juggernaut.el8.org

_____

Date Reported: 3/2/00
Vulnerability: thebat-mua-attach
Platforms Affected: The Bat!
Risk Factor: Medium
Attack Type: Network Based

The Bat! is a mail agent for Windows developed by Rit Research Labs. One
of the program's features is that it saves attachments from incoming
mail in a specified folder on the system, and adds the file's path to
the incoming message as a pseudo-header called X-BAT-FILES. If a message
with an attachment is forwarded to someone else, the pseudo-header line
remains. This allows the recipient to see the sender's default location
for all saved email attachments.

Reference:
BugTraq Mailing List: "Rit Research Labs 'The Bat!' X-BAT-FILES Vulnerabilities"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=200003021443.RAA31070@adm.sci-nnov.ru

_____

Date Reported: 3/2/00
Vulnerability: irix-infosrch-fname
Platforms Affected: IRIX 6.5
Risk Factor: High
Attack Type: Network/Host Based

InfoSearch is a tool distributed by SGI that converts man pages, release
notes, and other documents into HTML format for reading on the Internet.
It contains a vulnerability in the method it uses to parse input for the
fname variable that would allow a remote attacker to execute arbitrary
commands on the web server.

Reference:
Bugtraq Mailing List: "infosrch.cgi vulnerability (IRIX 6.5)"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10003021059360.21162-100000@inetarena.com

_____

Date Reported: 3/2/00
Vulnerability: linux-dosemu-config
Platforms Affected: Corel Linux 1.0
Risk Factor: High
Attack Type: Host Based

Corel Linux 1.0 contains a vulnerability in the configuration of the
dosemu package. Dosemu is a DOS emulator that allows DOS programs to run
on Linux. A local user can use the system.com binary to execute commands
as root.

Reference:
Bugtraq Mailing List: "Corel Linux 1.0 dosemu default configuration: Local root vuln"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au

_____

Date Reported: 3-01-2000
Vulnerability: coldfusion-reveal-pathname
Platforms Affected: ColdFusion 4.01
Risk Factor: Low
Attack Type: Network Based

ColdFusion 4.01 contains a vulnerability that can reveal path names to
cfm pages. When a remote user makes an HTTP request to a cfm page, the
server will return an error message that reveals the full path name to
the file.

Reference:
NTBUGTRAQ Mailing List: "ColdFusions application.cfm shows full path"
at: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0003&L=ntbugtraq&F=&S=&P=435

_____

Date Reported: 3-01-2000
Vulnerability: netscape-enterprise-command-bo
Platforms Affected: Netscape Enterprise Server (3.6)
Risk Factor: High
Attack Type: Network Based

Netscape Enterprise Server 3.6 web server for Windows NT 4.0 contains a
buffer overflow in commands issued to the server. If a remote user
issues a command followed by a large quantity of data, the server will
crash. It is possible for the user to then execute arbitrary code.

References:
S.A.F.E.R.
Security Bulletin SAFER 000229.EXP.1.3: "Buffer Overflow in Netscape Enterprise Server"
at: http://www.safermag.com/advisories/0006.html
BUGTRAQ Mailing List: "[SAFER 000229.EXP.1.3] Remote buffer overflow in Netscape Enterprise Server 3.6 SP2"
at: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-29&msg=38BC065A.E6AE7002@relaygroup.com

_____

Date Reported: 3/1/00
Vulnerability: nmh-execute-code
Platforms Affected: Debian Linux 2.1
Risk Factor: High
Attack Type: Network Based

The nmh package does not properly check incoming mail message headers. A
remote attacker could send specially-crafted MIME message headers that
would cause mhshow to execute arbitrary code.

Reference:
Debian Security Advisory: "New version of nmh released"
at: http://www.debian.org/Lists-Archives/debian-security-announce-00/msg00005.html

_____

Date Reported: 3/1/00
Vulnerability: htdig-remote-read
Platforms Affected: Unix running htdig 3.1.5
Risk Factor: Low
Attack Type: Network Based

The ht://dig program is a web indexing and searching system for
intranets and small domains. Due to improper validation of form input, a
remote attacker could pass a variable to the htsearch CGI that would
allow the attacker to read any file on the machine that is accessible by
the htdig user.

Reference:
Debian Security Advisory: "New version of htdig released"
at: http://www.debian.org/Lists-Archives/debian-security-announce-00/msg00004.html

_____

Date Reported: 3/1/00
Vulnerability: ie-html-shortcut
Platforms Affected: Microsoft Internet Explorer (5.0, 5.0.1)
Risk Factor: High
Attack Type: Network/Host Based

Microsoft Internet Explorer 5 uses window.showHelp() to open HTML help
files (.chm). If these files contain a shortcut to an executable, it
will be run with the privileges of the current user. An attacker could
create a .chm file with a link to an executable and cause it to execute
on the victim's machine.

Reference:
Bugtraq Mailing List: "IE 5.x allows executing arbitrary programs using .chm files"
at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38BD37F6.C9B3F8B@nat.bg

_____

Risk Factor Key:

High    Any vulnerability that provides an attacker with immediate
        access into a machine, gains superuser access, or bypasses a
        firewall. Example: A vulnerable Sendmail 8.6.5 version that
        allows an intruder to execute commands on the mail server.
Medium  Any vulnerability that provides information that has a high
        potential of giving system access to an intruder. Example: A
        misconfigured TFTP or vulnerable NIS server that allows an
        intruder to get the password file that could contain an account
        with a guessable password.
Low     Any vulnerability that provides information that potentially
        could lead to a compromise. Example: A finger that allows an
        intruder to find out who is online and potential accounts to
        attempt to crack passwords via brute force methods.

_____

Permission is hereby granted for the redistribution of this Alert
Summary electronically. It is not to be edited in any way without
express consent of the X-Force. If you wish to reprint the whole or any
part of this Alert Summary in any other medium excluding electronic
medium, please e-mail xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as
well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force of Internet
Security Systems, Inc.

About Internet Security Systems

Internet Security Systems (ISS) is the leading global provider of
security management solutions for the Internet. By providing
industry-leading SAFEsuite* security software, ePatrol* remote managed
security services, and strategic consulting and education offerings, ISS
is a trusted security provider to its customers and partners, protecting
digital assets and ensuring safe and uninterrupted e-business. ISS'
security management solutions protect more than 5,500 customers
worldwide including 21 of the 25 largest U.S. commercial banks, 10 of
the largest telecommunications companies and over 35 government
agencies. Founded in 1994, ISS is headquartered in Atlanta, GA, with
additional offices throughout North America and international operations
in Asia, Australia, Europe, Latin America and the Middle East. For more
information, visit the Internet Security Systems web site at www.iss.net
or call 888-901-7477.

Copyright (c) 2000 by Internet Security Systems, Inc.