************************************************************************** Security Bulletin 9614 DISA Defense Communications System July 31, 1996 Published by: DISN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/sec-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/sec-9544.txt). These are also available at our WWW site, http://nic.ddn.mil. ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -- -----BEGIN PGP SIGNED MESSAGE----- ASSIST's www site is http://www.assist.mil <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 96-12 Release date: July 30, 1996, 3:30 PM EDT (GMT -4) SUBJECT: Patches for Solaris statd vulnerability. SUMMARY: There is a vulnerability that exists in the Solaris 2.X (SunOS 5.x) and Solaris 1.x (SunOS 4.1.x) rpc.statd utility. The vulnerability has resulted from incomplete validation of information received by rpc.stats from rpc.lockd. BACKGROUND: Sun Microsystems Inc. has issued a bulletin with information about this problem and how to acquire patches. The bulletin is included in the Recommended Solutions section below. IMPACT: The rpc.statd can be made to remove or create any file that the root user can remove or create on the NFS server. This would easily be exploited to gain unauthorized root access. RECOMMENDED SOLUTIONS: Review the Sun Microsystems Inc. bulletin below and apply the approprate fixes and patches. ================================================================= SUN MICROSYSTEMS SECURITY BULLETIN: #00135, 21 May 1996 ================================================================= BULLETIN TOPICS In this bulletin Sun announces the release of security-related patches for both Solaris 2.x (SunOS 5.x) and Solaris 1.x (SunOS 4.1.x). The patches relate to a single vulnerability involving the statd program. This vulnerability, which affects the products of several UNIX vendors, has previously been discussed in CERT (sm) Advisory CA-96.09, issued on 24 Apr 96. As of this writing, Sun is aware of no successful attacks based on this problem. I. Who is Affected, and What to Do II. Understanding the Vulnerability III. List of Patches IV. Checksum Table APPENDICES A. How to obtain Sun security patches B. How to report or inquire about Sun security problems C. How to obtain Sun security bulletins or short status update Send Replies or Inquiries To: Mark Graff Sun Security Coordinator MS MPK17-103 2550 Garcia Avenue Mountain View, CA 94043-1100 Phone: 415-786-5274 Fax: 415-786-7994 E-mail: security-alert@Sun.COM Sun acknowledges with thanks both the CERT Coordination Center (Carnegie Mellon University) and Wolfgang Ley (of DFN/CERT) for their assistance in the preparation of this bulletin. Sun, CERT, and DFN/CERT are all members of FIRST, the Forum of Incident Response and Security Teams. For more information about FIRST, visit the FIRST web site at "http://www.first.org/". For information about the upcoming 8th FIRST Conference and Workshop (Santa Clara, CA, July 28-31, 1996) see "http://ciac.llnl.gov/firstconf". Keywords: statd, root, file_creation, file_deletion Patchlist: 100988-05, 101592-07, 102516-04, 102769-03, 102770-03, 102932-02, 103468-01, 103469-01 Cross-Ref: CERT CA-96.09 ----------- Permission is granted for the redistribution of this Bulletin for the purpose of alerting Sun customers to problems, as long as the Bulletin is not edited and is attributed to Sun Microsystems. Any other use of this information without the express written consent of Sun Microsystems is prohibited. Sun Microsystems expressly disclaims all liability for any misuse of this information by any third party. ======================================================================== SUN MICROSYSTEMS SECURITY BULLETIN: #00135, 21 May 1996 ======================================================================== I. Who is Affected, and What to Do Sun has verified that this vulnerability affects all supported Solaris 2.x (SunOS 5.x) and Solaris 1.x (SunOS 4.1.x) systems. Installing and running the software provided in these patches completely closes the vulnerability. For information about how to obtain these and other Sun patches, see Appendix A. II. Understanding the Vulnerability If exploited, this vulnerability can be used to remove any file that the root user can remove or to create any file that the root user can create. The security of a system could be completely compromised in this way. The following information, excerpted from the cited CERT(sm) advisory, provides some details. (Note: statd is called "rpc.statd" on many other UNIX systems.) When an NFS server reboots, rpc.statd causes the previously held locks to be recovered by notifying the NFS client lock daemons to resubmit previously granted lock requests. If a lock daemon fails to secure a previously granted lock on the NFS server, it sends SIGLOST to the process that originally requested the file lock. The vulnerability in rpc.statd is its lack of validation of the information it receives from what is presumed to be the remote rpc.lockd. Because rpc.statd normally runs as root and because it does not validate this information, rpc.statd can be made to remove or create any file that the root user can remove or create on the NFS server. III. List of Patches The patches required to close this vulnerability are listed below. A. Solaris 2.x (SunOS 5.x) patches Patches which replace the affected statd executable are available for every supported version of SunOS 5.x. OS version Patch ID ---------- --------- SunOS 5.3 102932-02 SunOS 5.4 102769-03 SunOS 5.4_X86 102770-03 SunOS 5.5 103468-01 SunOS 5.5_X86 103469-01 B. Solaris 1.x (SunOS 4.1.x) patches For SunOS 4.1.x, the fix is supplied in a new version of the "UFS file system and NFS locking" jumbo patch. OS version Patch ID ---------- --------- 4.1.3 100988-05 4.1.4 SunOS 4.1.3_U1 101592-07 SunOS 4.1.4 102516-04 IV. Checksum Table In the checksum table we show the BSD and SVR4 checksums and MD5 digital signatures for the compressed tar archives. File BSD SVR4 MD5 Name Checksum Checksum Digital Signature --------------- ----------- --------- - -------------------------------- 100988-05.tar.Z 10148 444 4116 888 ACE925E808A582D6CF9209FE7A51D23B 101592-07.tar.Z 21219 346 32757 692 7B7EE4BD5B2692249FDB9178746AA71B 102516-04.tar.Z 65418 201 61604 401 DB87F3DDA2F12FE2CFBB8B56874A1756 102769-03.tar.Z 38936 74 64202 148 9A8E4D9BE8C58FD532EE0E2140EF7F85 102770-03.tar.Z 04518 71 23051 141 F646E2B7AD66EEFBB32F6AB630796AF8 102932-02.tar.Z 34664 70 45816 139 66CB7F6AE48784A884BA658186268C41 103468-01.tar.Z 30917 82 46790 164 84680D9A0D2AEF62FFE1382C82684BE5 103469-01.tar.Z 31245 82 52288 164 F22AEB0FD91687DAB8ADC4DF10348DE8 The checksums shown above are from the BSD-based checksum (on 4.1.x, /bin/sum; on SunOS 5.x, /usr/ucb/sum) and from the SVR4 version on on SunOS 5.x (/usr/bin/sum). APPENDICES A. How to obtain Sun security patches 1. If you have a support contract Customers with Sun support contracts can obtain any patches listed in this bulletin (and any other patches--and a list of patches) from: - SunSolve Online - Local Sun answer centers, worldwide - SunSITEs worldwide The patches are available via World Wide Web at http://sunsolve1.sun.com. You should also contact your answer center if you have a support contract and: - You need assistance in installing a patch - You need additional patches - You want an existing patch ported to another platform - You believe you have encountered a bug in a Sun patch - You want to know if a patch exists, or when one will be ready 2. If you do not have a support contract Customers without support contracts may now obtain security patches,"recommended" patches, and patch lists via SunSolve Online. Sun does not furnish patches to any external distribution sites other than the ones mentioned here. The ftp.uu.net and ftp.eu.net sites are no longer supported. 3. About the checksums So that you can quickly verify the integrity of the patch files themselves, we supply in each bulletin checksums for the tar archives. Occasionally, you may find that the listed checksums do not match the patches on the SunSolve or SunSite database. This does not necessarily mean that the patch has been tampered with. More likely, a non-substantive change (such as a revision to the README file) has altered the checksum of the tar file. The SunSolve patch database is refreshed nightly, and will sometimes contain versions of a patch newer than the one on which the checksums were based. In the future we may provide checksum information for the individual components of a patch as well as the compressed archive file. This would allow customers to determine, if need be, which file(s) have been changed since we issued the bulletin containing the checksums. In the meantime, if you would like assistance in verifying the integrity of a patch file please contact this office or your local answer center. B. How to report or inquire about Sun security problems If you discover a security problem with Sun software or wish to inquire about a possible problem, contact one or more of the following: - Your local Sun answer centers - Your representative computer security response team, such as CERT - This office. Address postal mail to: Sun Security Coordinator MS MPK17-103 2550 Garcia Avenue Mountain View, CA 94043-1100 Phone: 415-786-5274 Fax: 415-786-7994 E-mail: security-alert@Sun.COM We strongly recommend that you report problems to your local Answer Center. In some cases they will accept a report of a security bug even if you do not have a support contract. An additional notification to the security-alert alias is suggested but should not be used as your primary vehicle for reporting a bug. C. How to obtain Sun security bulletins or short status updates 1. Subscription information Sun Security Bulletins are available free of charge as part of our Customer Warning System. It is not necessary to have a Sun support contract in order to receive them. To receive information or to subscribe or unsubscribe from our mailing list, send mail to security-alert@sun.com with a subject line containing one of the following commands. Subject Information Returned/Action Taken ------- --------------------------------- HELP An explanation of how to get information LIST A list of current security topics QUERY [topic] The mail containing the question is relayed to a Security Coordinator for a response. REPORT [topic] The mail containing the text is treated as a security bug report and forwarded to a Security Coordinator for handling. Please note that this channel of communications does not supersede the use of Sun Solution Centers for this purpose. Note also that we do not recommend that detailed problem descriptions be sent in plain text. SEND topic Summary of the status of selected topic. (To retrieve a Sun Security Bulletin, supply the number of the bulletin, as in "SEND #103".) SUBSCRIBE Sender is added to the CWS (Customer Warning System) list. The subscribe feature requires that the sender include on the subject line the word "cws" and the reply email address. So the subject line might look like the following: SUBSCRIBE cws graff@sun.com UNSUBSCRIBE Sender is removed from the CWS list. Should your email not fit into one of the above subjects, a help message will be returned to you. Due to the volume of subscription requests we receive, we cannot guarantee to acknowledge requests. Please contact this office if you wish to verify that your subscription request was received, or if you would like your bulletin delivered via postal mail or fax. 2. Obtaining old bulletins Sun Security Bulletins are available via the security-alert alias and on SunSolve. Please try these sources first before contacting this office for old bulletins. ------------ [ End of SUN Bulletin ] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST would like to thank Sun Microsystems for information contained in this bulletin. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi4uZ40AAAEEAM1uraimCNeh5PtzX7KoGxC2u8uMTdl8V5sujk3MHbWvCuOM W0FqDy5s9iwfQLZWzJ7cbM6L0mNOj8eJGoz7TqGKZDDRFlKAwg0x8joleZLC2gXw FVdF/g6Mdv7ok7heoa+Y//YMeADnsSrmzqLCnhFbKYffww3EbdH6sbnW3Io9AAUR tB9BU1NJU1QgVGVhbSA8YXNzaXN0QGFzc2lzdC5taWw+iQCVAwUQMJVF1JtBJ/Qs yeedAQFnqgQAp1rw7ONT41Mr3gHGs2aVpEwgOH6SeJ9sHZxUp4dJu+ogRMFrqdC+ +NBfzitzj9m1udFVDHpwsGawbv6wg43DDAKaTgIETCHYXa/OM5/9FCS3xJwC99Gb V1iOm8S/Q9FcJruKID9DG2WUJp2yPj+CjTuBQeLjGkqGjuSOR1TNXQiJAJUDBRAw lUPuYKf6jFkmJQkBAWg5A/9ykgo2ULWUsSzZjRkO9yPZUPAlpfH7ReaHwkapK69F fBzqwwQ8Gig1mL+qgmOHS8Zv+OAT491sWWsECN+dfpopFdsgS4Sec19ZjcMyhL1c BVIS9Cmbjetb6Kvfc39AMr0MRCrUlOkUd4qScjHysHFYRAwCl3STRjprNnUPKQbn f4kAlQMFEDB482bk8movIjSrbQEB/VgD/iap/CAb1jq8wMA3QleU8d6/QUqoPzgp jRhP0wP7K2GLVUV0d5sP4EptmzejqViZvlzt6ufnI1bML0Yt2U5loAeblnh714RX JcOmyAah6niiJSKuhCsYUzW6f3EBzXBn5tcu3GP35h+1VQunCQCMICCfnZ0r8Wcv EdwE9LxPYdueiQCVAwUQMHOjMwJPhGsUbeKNAQGOagQAgT5p6CwrIPpi+12yJ170 ekc3MPp8z0aNbvdCQWXTK6qtq1LmS65VeH0RE5xRponsgbWp+5JBvD22v0eGuSg7 7bnHT1HPXazPERAp8sw1zTERs7drMQE+JhHYylh3orKzHNf5EjFx10vwEXdfvGSc sP3Vpcx2xu0lUYHp5oHtPFiJAJUDBRAwar4DFKHh5Qavqe0BAeQqA/4xd0tdq9yF eUYrd1+ZriayzfSjCcIUlCDH1i7vXw1kiHkg2YpOoZLD9k+zNkbOyBs/r570fGHu A23SvUcUfaBUijT1jf9YGU5MQMdpx3p5qqI4kJ0GWUNySZNtaFy0qWNH8Z8NsNp3 FWllVeisye0qe96aoizW0dAyUymlM6YYn4kAlQMFEDBqqvga2zTcAviMgQEBN8wE AIu7O/Of4c1OvMc5tti4+gcyCVw41+fLjxQFB5EtkoW8Js6XhCsv3GcmzgCZw3g8 Sux7wxGe+lspZNV9rvv+JkDBWkA9O5HyOdmdv5JZM1UH41NettZM9Yw7kUtO7lAT aOb4ybHlqrBwJ8/+Lig7r7PwTL847JyGa3g229pGG/uEiQCVAwUQMGpTK+glSuMP TJd1AQE8KQP8Cu+FYuagNoBRllMIQryT9+0ngLRxJJTcTgIbLX4OPwa27JuXCukG kUIXRWFCqkRqkM/7ImZXeuUL4PmAX07f9ygGH7BUyqefhIWkxWFDaGHJVlg3l/pS Wh7NnC+nU6DUJNSzfwYStCABNptOcMiYaT1fY0+DkWpIgJVRTptquOWJAJUCBRAw aHX+IlGW2WZtAFEBATkXA/40QTxVP/x3aJDgC11cvFhwT7M+qJvhGSTRJOtrFz8i soZzihMeaQ8zLiu73dDlFz2E4f0+ettxsDcgFJADNmZ5H7WkPlf9gBUBne4KP2Y6 CMwd6T7HGm/ErF88DIJ2wn8irhzVRnBBWhnmQfSzr5a7mkjlA6GzAlFucGp3 eokAlQMFEDBpzIC58yc3bMt0GQEBgd4EAI0mE/5wXSWuBNApkALLjPAchBdeC4Kl YF4hQkfY/4YddeIasgTmINKOc5gJWgTHxPI2xKxjTAQhIZlOxuDyXWnBuK+x2hr4 iCh5unEIH+qaqdipGwWjFq0IZEmOOJaBRxlVt2hrmY6nRMpekitFLw8dhWHgI968 WVhJpWfBg+MhiQCVAwUQMGnMcmJl+kgHVnRVAQF+nQP/XK4xmIx1SmjoN9D+vNRY PSiKz8KEzh1Y2/5QTYA7iES8QXC4i/8HOWK7lyoL6FmWGxKYpU8isQ+DJpk0A4N0 U04JexpyFa0EeM/wsfp0YvAWesSVhV5UkDQU6hSC0U8rS1j/qtnSLZ4wXpapPSBh 82daDlxAQCVMzDoQYQZkMi+JAJUDBRAwacftBCZ9eY4KSdEBAbKGA/0VHArALL6v d0a0x7sn4o60Bk2fFzuaCBNTNzb11OOtuu47KMOZLwrl2jv+32ysIVEOXx+puhXP nQAgRrH0LGKV5FOY3B98AHuV+woOmfVjM2T3xB4Bs52Dz+HIIIhaWzzy3955tlp/ 6UyvZnD0QFLS/bre/Pog1Lgl0pxonmILhYkAlQIFEDBpJpXAx/wW8A8EIQEBPVoD /jwgG+7ZrWrb8/dqe6IZhSk8rq0JIHhSA2Hz1T7PhRvyDiquBJ3ulTeaX3BvuWqF bMuLJ4CTqXw9dexDehEnhGlxYycSXVzy8a34pLnmldii8oNvI1bLWMgd4HdM/PPZ GOgHmSIGrXMChkbddt9AoszDI0Whlbe9+wn6AeZVrJVaiQCVAgUQMGkkL2yh0IcG ee2RAQHrTgQAvBRce0S9yBvI/ufC/1jhE3LuUoA3YDdA8+UQ+UekaslZzOEgPs4K Za/nM9Y2vaRYscyzyIg8FGTzCdJQ2be9HZjSkB2xQuakeq88tlV32/cLcQSC8Zrw xsnPWujbIcWYg7B0hv8cCovef/w4kC9GyhjhIzPIsQ/Cr7/TYzheK12JAJUDBRAw Z/38o2xF3nu86kkBARanA/0XO4HBo6pT2xNCdQ7AW9UrvmTCiYUb0XVY7qCnkaPp Sn1KjsK2nGueDMGUBzvx9zWZ0xHAS+BSNkoM61gb9455KcbDwRqw6+47O/WuX1w9 fh7egjTY0kqN6YsP/vtirOuP+Krh19w/s6cDxbEBNbJIiZofRDFRRsZcZ8E2mLCP UIkAlQMFEDBn/EY7f8e8znZrHwEBxQwD/jP+CiwO3Nk45M5Ei++TZzdp7ak82hum XxVXplV2G4w8DN86pfl3IV/XvU67FQXg4NKJr+wm3JknDtlKZTE5g+aKkOYK6Fqt w3FjTd6PTDz11YRruCsdvBeYwMcHPe5XzIhgkwkMXX2Mp99q9LGKfV3087do2LNr V/2S/atn6IuqiQCVAwUQMGW6OliXq3zaXLJBAQFLwgP/bQ1C/Ph54RlRqw9rovJo SXp5wvQAfVqqnkL5nIIIK2uGputcmhMP8RqYKuRv4xaezkCDTeIE/P0327Ajc4// ca4SZCojxfqtrhw3EkfZtvFLJh1tsvAkqZkgHmjJxwA+lY78lQ1ncBZ99dePpuHu MBQew3769SkEA8kk/s5XiYqJAJUDBRAvXHHu0fqxudbcij0BAQFjA/0W8glucqO0 wtSPyCF3qGimFLHxZmd9Cw6Zlf8Ftfy8rPVrkGQGfioA29b64oZ1SUTwsswSbU8P n0KKFxvc6hYM5TzMg4gSu+vLh6pr4vMRdXyecF16z4BrUwIwZLP4rc5o/vyVDskI ahj1NdNYh6V8B0FUEbhVBxJBGfy2NF0bZ7QoQVNTSVNUIFRlYW0gPGFzc2lzdEBh c3Npc3QuaW1zLmRpc2EubWlsPokAlQIFEC45Ys3KbyuD/AwC1QEBKPED/2dwnN+/ OE2iHhvGwv3jZtsm6cH+GVkpNpc0w0vQOKvVwUnLwuETSv+eryz9Fl7nL0U2tv/5 QW1Dt9RBSjEOundYrOzsfELIMrwh1iJXsIxG7g7iil0HeKzxsQ E/nBFwJbgP6SQaYF4wy7TPuXw+IVVddp0p1riQCVAgUQLi5x6IdGPdIwvm+pAQFN EwP+Ml0i+yurXH1ZvQApz+HKwqLrRTNsNdHu2CsQ/OdGo4Vq4eqyPTvrI1OVjm6o jye7GR3RMPygEcz0oox/+YfB5cmGugpZLFsWLspswrFGGCXLXY3Bq7mpH14GENU5 JMlHzazeRvdDbkSv700Xu25JshjWIzfTY2nNUNfFlRefQoY= =8gi/ - -----END PGP PUBLIC KEY BLOCK----- ASSIST is an element of the Defense Information Systems Agency (DISA), and provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from assist.mil (IP address 199.211.123.11). Note: assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231, COMM 703-607-4700, DSN 327-4700. ELECTRONIC MAIL: assist@assist.mil. ASSIST BBS: COMM 703-607-4710, DSN 327-4710, leave a message for the "sysop". FAX: COMM 703-607-4735, DSN 607-4735 ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt, and through the world wide web from http://net-dist.mit.edu/pgp.html. In accordance with the terms of that license, PGP 2.6.2 may be used for non-commercial purposes only. Instructions for downloading the PGP 2.6.2 software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMf5md9H6sbnW3Io9AQEGVQQAhbYfHgM2DBykxSi9nNaTlEga2z3ln8Q+ 0QPxjPtweI+MY82ekzJZsD4K87cylXqGQmB/z2Upw9rH4S7lsKtriErNxo02IyWc 8W5NyjPXsPqFEOKT6YMUsFKTkjDuxkA2kQMDt3KCvITT0kMa73Enzs53mrwOvfA7 8K9c6cdvfPE= =oZRB -----END PGP SIGNATURE----- _______ A S S I S T | / Automated Systems Security Incident Support Team | / Duty phone: +1 800 357 4231 (DSN 327 4700) 24hr | / Integritas Commercial +1 703 607 4700 24hr | < et 24hr pager: +1 800 791 4857 | \ Celeritas BBS: +1 703 607 4710 (DSN 327 4710) | \ Unclass FAX: +1 703 607 4735 (DSN 327 4735) | \ e-mail: ASSIST@ASSIST.MIL ------- Anonymous FTP: FTP.ASSIST.MIL (IP 199.211.123.12) **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.