Archive : 1999 : november : bugtraq17 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

SecurityFocus.com Newsletter #17

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Date: Пн, 29 ноя 1999 11:49:00

От: Alfred Huger

Кому: SF-NEWS@SECURITYFOCUS.COM

Тема: SecurityFocus.com Newsletter #17

--------------------------------------------------------------------------------

Security Focus Newsletter #17

Table of Contents:

I. INTRODUCTION

II. BUGTRAQ SUMMARY

1. NetTerm FTP Server Multiple Vulnerabilities

2. Microsoft IE5 XML HTTP Redirect Vulnerability

3. Sun Java IDE Webserver IP Restriction Failure Vulnerability

4. Vermillion FTPd CWD DoS Vulnerability

5. Mdaemon WebConfig Overflow DoS Vulnerability

6. Cabletron SSR ARP Flood DoS Vulnerability

7. Netscape Navigator Long ASP Argument Vulnerability

8. Deerfield WorldClient Long URL DoS Vulnerability

9. SCO Xsco Buffer Overflow Vulnerability

10. SCO xlock(1) (long username) Buffer Overflow Vulnerability

11. SCO su(1) Buffer Overflow Vulnerability

III. PATCH UPDATES

1. Vulnerability Patched: Linux syslogd Denial of Service

2. Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service

3. Vulnerability Patched: Cabletron SSR ARP Flood DoS

4. Vulnerability Patched: SCO su(1) Buffer Overflow

5. Vulnerability Patched: Pine Environment Variable Expansion in

URLS

IV. INCIDENTS SUMMARY

1. Re: Port 137 and snmp scans (Thread)

2. SunOS rpcbind scans (Thread)

3. Re: cracker probing 1542 (Thread)

4. Re: rpc logging (Thread)

5. SANS and CERT ICMP advisories (Thread)

6. Fw: unsolicited connection(s) (Thread)

7. F5's 3DNS signature + Cisco Distrib Dir (Thread)

8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)

9. BIND Scanning (Thread)

10. sweep (Thread)

11. pop3/imap crawler.. (Thread)

12. UK Law & Cases Re Malicious action/attacks (Thread)

13. cgi attack

14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)

15. Port 98 scans & new 3128/8080 scans

V. VULN-DEV RESEARCH LIST SUMMARY

1. Re: icq accounts (Thread)

2. Re: WordPad/riched20.dll buffer overflow (Thread)

3. SSH exploit (Thread)

4. lanma256.bmp/lanmannt.bmp security risk? (Thread)

5. Re: development of wordpad exploit (Thread)

VI. SECURITY JOBS

Seeking Staff:

1. SecurityFocus.com is looking for staff writers for a Windows NT column!

2. NYC - Internet Security Position

3. Security Research Engineer

VII. SECURITY SURVEY RESULTS

VIII. SECURITY FOCUS TOP 6 TOOLS

1. SecurityFocus.com Pager (Win95/98/NT)

2. Lookout (Windows 2000, Windows 95/98 and Windows NT)

3. cgicheck99 0.4 (Any system supporting rebol)

4. HookProtect (Windows 95/98 and Windows NT)

5. Sun Enterprise Network Security Service Early Access 1 (Java)

6. Pandora for Linux v4 beta 2 (Linux)

IX. SPONSOR INFORMATION - CORE SDI

X. SUBSCRIBE/UNSUBSCRIBE INFORMATION

I. INTRODUCTION

-----------------

Welcome to the Security Focus 'week in review' newsletter issue 17

sponsored by CORE SDI.

http://www.core-sdi.com

II. BUGTRAQ SUMMARY 1999-11-21 to 1999-11-27

---------------------------------------------

1. NetTerm FTP Server Multiple Vulnerabilities

BugTraq ID: 819

Remote: Yes

Date Published: 1999-11-22

Relevant URL:

http://www.securityfocus.com/bid/819

Summary:

InterSoft's internet suite includes an FTP server which has been found to

have numerous vulnerabilities. Among them:

The default configuration allows read/write access to the root of the C:

drive for anonymous users. This write access includes overwrite and

delete. If the server is setup with 'out of the box' options, anonymous

remote users have full access to the operating system files and

executables.

There is no administrator account, which means that any user with console

access can alter the server's settings.

The encryption method used on the passwords for user accounts is reported

to be weak and easily broken.

There are also multiple buffer overflows. Supplying over 1024-character

arguments to the following commands will crash the server: dir, ls, mkdir,

delete, and rmdir. Also, althouth the PASS buffer is truncated at 16

characters for users with accounts, this limit is not in place for the

anonymous user (to allow for proper entry of email addresses as passwords)

and a 1024-byte string 'password' will crash the server if user name

'anonymous' is supplied. It may be possible to exploit these overflows to

run arbitrary code.

2. Microsoft IE5 XML HTTP Redirect Vulnerability

BugTraq ID: 815

Remote: Yes

Date Published: 1999-11-22

Relevant URL:

http://www.securityfocus.com/bid/815

Summary:

A vulnerability in the method IE5 uses to process XML data may allow a

malicious web site owner to read files on a visiting user's computer. A

web page may be created that contains an XML object type that contains

instructions to read known files on a visitor's local host (and or

domain). The IE5 client will allow the XML redirect to access files within

its own domain.

3. Sun Java IDE Webserver IP Restriction Failure Vulnerability

BugTraq ID: 816

Remote: Yes

Date Published: 1999-11-23

Relevant URL:

http://www.securityfocus.com/bid/816

Summary:

These Java development applications include an http server for testing

purposes. The server can be configured to only respond to requests from

certain IP addresses, however the mechanism fails and any requests

received are serviced. The server will allow read access to any file on

the filesystem that it haas access to, all the way up to the root

directory. In the Netbeans product, this is the default 'out of the box'

configuration. In the Forte product. IP addresses must be added manually

to a list of permitted clients. Once a single IP address is added, any

requests regardless of source are responded to.

4. Vermillion FTPd CWD DoS Vulnerability

BugTraq ID: 818

Remote: Yes

Date Published: 1999-11-22

Relevant URL:

http://www.securityfocus.com/bid/818

Summary:

If the Vermillion FTP Daemon (VFTPD) receives three consecutive CWD

commands with arguments of 504 characters or longer, it will crash.

5. Mdaemon WebConfig Overflow DoS Vulnerability

BugTraq ID: 820

Remote: Unknown

Date Published: 1999-11-24

Relevant URL:

http://www.securityfocus.com/bid/820

Summary:

The Mdaemon mail server for Windows includes a small web server for

web-based remote administration. This webserver is vulnerable due to an

unchecked buffer that handles incoming GET requests. An abnormally large

URL sent to the WebConfig service at port 2002 will crash the service.

6. Cabletron SSR ARP Flood DoS Vulnerability

BugTraq ID: 821

Remote: Yes

Date Published: 1999-11-24

Relevant URL:

http://www.securityfocus.com/bid/821

Summary:

The Cabletron SmartSwitch Router 8000 with firmware revision 2.x has been

shown to susceptible to a denial of service attack. The SSR can only

handle approximately 200 ARP requests per second. If an attacker can get

ICMP traffic to the router, they can flood it with ARP requests,

effectively shutting the router down for the duration of the attack.

7. Netscape Navigator Long ASP Argument Vulnerability

BugTraq ID: 822

Remote: Yes

Date Published: 1999-11-26

Relevant URL:

http://www.securityfocus.com/bid/822

Summary:

Netscape Communicator 4.7 has been shown to crash when an argument of 800

characters is supplied to a command in an asp page. Some of the data

passed as the argument makes it into the EIP and EBP registers, so

execution of arbitrary code is a possibility. The overflow could be

embedded in a link on a webpage or in an email message for remote attacks.

8. Deerfield WorldClient Long URL DoS Vulnerability

BugTraq ID: 823

Remote: Yes

Date Published: 1999-11-26

Relevant URL:

http://www.securityfocus.com/bid/823

Summary:

Deerfield's WorldClient is an email webserver that allows it's users to

retrieve email via HTTP. It is susceptible to denial of service attacks

due to an unchecked buffer in the request handler. Supplying a long url

will crash the server.

9. SCO Xsco Buffer Overflow Vulnerability

BugTraq ID: 824

Remote: No

Date Published: 1999-11-25

Relevant URL:

http://www.securityfocus.com/bid/824

Summary:

Under certain versions of Unixware, the SUID program Xsco is vulnerable to

a buffer overflow attack. The problem lies in that Xsco does not sanity

check user supplied data.

10. SCO xlock(1) (long username) Buffer Overflow Vulnerability

BugTraq ID: 825

Remote: No

Date Published: 1999-11-25

Relevant URL:

http://www.securityfocus.com/bid/825

Summary:

Certain versions of Unixware ship with a version of xlock which is

vulnerable to a buffer overflow attack. The xlock(1) program locks the

local X display until a username and password are entered. In this

instance a user can provide an overly long username and overflow a buffer

in xlock(1). Given that xlock(1) runs SUID root this will result in a root

compromise.

11. SCO su(1) Buffer Overflow Vulnerability

BugTraq ID: 826

Remote: No

Date Published: 1999-11-25

Relevant URL:

http://www.securityfocus.com/bid/826

Summary:

Certain versions of Unixware ship with a version of su(1) which is

vulnerable to a buffer overflow attack. This attack is possible because

su(1) fails to sanity check user supplied data, in this instance a

username supplied on the command line. Because su(1) is SUID root this

attack may result in root privileges.

III. PATCH UPDATES 1999-11-21 to 1999-11-27

-------------------------------------------

1. Vendor: Red Hat

Product: RedHat Linux

Patch Location:

Red Hat Linux 4.x:

Intel:

ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.5.i386.rpm

ftp://updates.redhat.com/4.2/i386/libc-5.3.12-18.5.i386.rpm

ftp://updates.redhat.com/4.2/i386/libc-debug-5.3.12-18.5.i386.rpm

ftp://updates.redhat.com/4.2/i386/libc-devel-5.3.12-18.5.i386.rpm

ftp://updates.redhat.com/4.2/i386/libc-profile-5.3.12-18.5.i386.rpm

ftp://updates.redhat.com/4.2/i386/libc-static-5.3.12-18.5.i386.rpm

Alpha:

ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm

Sparc:

ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm

ftp://updates.redhat.com/4.2/sparc/libc-5.3.12-18.5.sparc.rpm

ftp://updates.redhat.com/4.2/sparc/libc-debug-5.3.12-18.5.sparc.rpm

ftp://updates.redhat.com/4.2/sparc/libc-devel-5.3.12-18.5.sparc.rpm

ftp://updates.redhat.com/4.2/sparc/libc-profile-5.3.12-18.5.sparc.rpm

ftp://updates.redhat.com/4.2/sparc/libc-static-5.3.12-18.5.sparc.rpm

Source packages:

ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm

ftp://updates.redhat.com/4.2/SRPMS/libc-5.3.12-18.5.src.rpm

Red Hat Linux 5.x:

Intel:

ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-1.5.i386.rpm

Alpha:

ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-1.5.alpha.rpm

Sparc:

ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-1.5.sparc.rpm

Source packages:

ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-1.5.src.rpm

Red Hat Linux 6.0:

Intel:

ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm

Alpha:

ftp://updates.redhat.com/6.0/alpha/sysklogd-1.3.31-14.alpha.rpm

Sparc:

ftp://updates.redhat.com/6.0/sparc/sysklogd-1.3.31-14.sparc.rpm

Source packages:

ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm

Red Hat Linux 6.1:

Intel:

ftp://updates.redhat.com/6.1/i386/sysklogd-1.3.31-14.i386.rpm

Source packages:

ftp://updates.redhat.com/6.1/SRPMS/sysklogd-1.3.31-14.src.rpm

The following patches are for Cobalt Networks RAQ and Qube servers which run RedHat Linux:

RPMS:

-RaQ3-

ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-
9C1.i386.rpm

-RaQ1 RaQ2 Qube1 Qube2-

ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-
9C2.mips.rpm

SRPMS:

ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-
9C1.src.rpm

ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-
9C2.src.rpm

Vulnerability Patched: Linux syslogd Denial of Service Vulnerability

BugTraq ID: 809

Relevant URLS:

http://www.securityfocus.com/bid/809

2. Vendor: Sun Mircosystems

Product: Solaris 7

Patch Location:

http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-
patches

Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service Vulnerability

BugTraq ID: 811

Relevant URLS:

http://www.securityfocus.com/bid/811

3. Vendor: Cabletron

Product: Cabletron SmartSwitch Router 8000 firmware 2.x

Patch Location:

http://www.cabletron.com/download/download.cgi?lib=ssr

Vulnerability Patched: Cabletron SSR ARP Flood DoS Vulnerability

BugTraq ID: 821

Relevant URLS:

http://www.securityfocus.com/bid/821

4. Vendor: SCO

Product: Unixware

Patch Location:

Anonymous ftp (World Wide Web URL):

ftp://ftp.sco.COM/SSE/sse039.ltr (cover letter, ASCII text)

ftp://ftp.sco.COM/SSE/sse039.tar.Z (new binaries, compressed tar

file)

Compuserve:

GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these

filenames:

SSE039.LTR (cover letter, ASCII text)

SSE039.TAZ (new binaries, compressed tar file)

Vulnerability Patched: SCO su(1) Buffer Overflow Vulnerability

BugTraq ID: 826

Relevant URLS:

http://www.sco.com/support/ftplists/index.html

http://www.securityfocus.com/bid/

5. Vendor: Caldera

Product: Caldera OpenLinux (and its other distributions)

Patch Location:

ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

Vulnerability Patched: Pine Environment Variable Expansion in URLS Vulnerability

BugTraq ID: 810

Relevant URLS:

http://www.securityfocus.com/bid/810

INCIDENTS SUMMARY 1999-11-21 to 1999-11-27

------------------------------------------

1. Re: Port 137 and snmp scans (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=Pine.LNX.4.10.9911220749020.615-100000@epr0.org

2. SunOS rpcbind scans (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=XFMail.991122220828.ldavis@fastq.com

3. Re: cracker probing 1542 (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991122172139.12644.qmail@securityfocus.com

4. Re: rpc logging (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991122224453.1743.qmail@securityfocus.com

5. SANS and CERT ICMP advisories (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991123051240.12076.qmail@securityfocus.com

6. Fw: unsolicited connection(s) (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=01aa01bf3599$17618a40$30a238cd@bbn.com

7. F5's 3DNS signature + Cisco Distrib Dir (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991124021152.13054.qmail@securityfocus.com

8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=Pine.LNX.4.05.9911250211030.30972-100000@bean.xtdnet.nl

9. BIND Scanning (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=Pine.SOL.4.10.9911251135010.20417-100000@yuma.Princeton.EDU

10. sweep (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991125164633.23732.qmail@securityfocus.com

11. pop3/imap crawler.. (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=19991126132342.G28629@obfuscation.org

12. UK Law & Cases Re Malicious action/attacks (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=004f01bf3810$414d9960$050010ac@xtranet.co.uk

13. cgi attack

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=383F9790.150177EB@eti.cc.hun.edu.tr

14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=3841bb7e.1d7.0@infolink.com.br

15. Port 98 scans & new 3128/8080 scans

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-
22&msg=14401.22457.121945.823373@cap-ferrat.albourne.com

V. VULN-DEV RESEARCH LIST SUMMARY 1999-11-21 to 1999-11-27

----------------------------------------------------------

1. Re: icq accounts (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-
22&msg=19991122182152.P26100@willamette.edu

2. Re: WordPad/riched20.dll buffer overflow (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-
22&msg=18692.991122@iname.com

3. SSH exploit (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-
22&msg=383C072F.408BE3FC@core-sdi.com

4. lanma256.bmp/lanmannt.bmp security risk? (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-
22&msg=3EE01C3AD21BD211B73C0008C72833F9582BA0@exchange.ls.se

5. Re: development of wordpad exploit (Thread)

Relevant URL:

http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-
22&msg=19991122121349.4947.qmail@home1.gmx.net

VI. SECURITY JOBS SUMMARY 1999-11-21 to 1999-11-27

---------------------------------------------------

1. SecurityFocus.com is looking for staff writers for a Windows NT column!

Reply to: Alfred Huger

Position Requirements:

http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-
22&msg=Pine.GSO.4.10.9911231458200.4263-100000@www.securityfocus.com

2. NYC - Internet Security Position

Reply to: timoe@interworld.com

Position Requirements:

http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-
22&msg=19991124200337.15430.qmail@securityfocus.com

3. Security Research Engineer

Reply to: Samuel Cure

Position Requirements:

http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-
22&msg=19991124201148.15891.qmail@securityfocus.com

VII. SECURITY SURVEY 1999-11-15 to 1999-11-27

----------------------------------------------

The question for 1999-11-15 to 1999-11-27 was:

Which Security conference do you think is more useful to attendees? (Bang

for your buck)

SANS 31% / 30 votes

BlackHat 15% / 15 votes

TISC 4% / 4 votes

CSI 5% / 5 votes

Chaos Communications Congress 6% / 6 votes

Defcon 30% / 29 votes

Total number of votes: 94 votes

VIII. SECURITY FOCUS TOP 6 TOOLS 1999-11-21 to 1999-11-27

--------------------------------------------------------

1. SecurityFocus.com Pager

by SecurityFocus.com

URL: http://www.securityfocus.com/pager/sf_pgr20.zip

Platforms: Win95/98/NT

Number of downloads: 1690

This program allows the user to monitor additions to the Security Focus

website without constantly maintaining an open browser. Sitting quietly in

the background, it polls the website at a user-specified interval and

alerts the user via a blinking icon in the system tray, a popup message or

both (also user-configurable).

2. Lookout

by Dragonmount Networks

URL: http://www.dragonmount.net/software/lookout/

Platforms: Windows 2000, Windows 95/98 and Windows NT

Number of downloads: 1222

Lookout provides raw access to data sent over a TCP connection, allowing

the inspection of protocols and the testing of buffers. Lookout connects

to a foreign host's port and allows you to communicates with the host.

Alternatively,Lookout can listen on a port and wait for another host to

connect. Lookout can send variable length strings to test buffers easily.

3. cgicheck99 0.4

by deepquest

URL: http://www.deepquest.pf/

Platforms: BSDI, BeOS, DOS, FreeBSD, HP-UX, IRIX, Linux, MacOS, NetBSD,

OS/2, OpenBSD, OpenVMS, PalmOS, Solaris, SunOS, UNIX, Windows 2000,

Windows 3.x, Windows 95/98, Windows CE and Windows NT Number of downloads:

1079

This is one of the worlds most cross platform cgi scanners, running on 37

operating systems! Even Palmos soon! Will check for 119 of common cgi and

other remote issues. Plus it will report you the Bugtraq ID of some

vulnerabilities. Get the rebol interpreter at http://www.rebol.com.

4. HookProtect

by ANNA Ltd., pcihprot@anna.zaporizhzhe.ua

URL: http://www.geocities.com/SiliconValley/Hills/8839/index.html

Platforms: Windows 95/98 and Windows NT

Number of downloads: 777

HookProtect version 2.05 is an another powerful product of PCinvestigator

series. It is specialized on detecting the programs that infringe the

privacy and confidentiality on personal computers. There are many various

types of such programs: keyloggers, interceptors, spies, Trojans and so

on. Their main function is monitoring of some kind of user's activity on a

computer (for example, typing the text, running the applications, opening

the windows, Internet activity, etc.).

5. Pandora for Linux v4 beta 2

by Nomad Mobile Research Centre

URL: http://www.nmrc.org/pandora

Platforms: Linux

Number of downloads: 693

BETA - Online point and click auditing of Novell Netware from Windows NT.

Currently spoofing works but lots of crashes on SP3 (we're working on it).

Attach to server with password hashes extracted from Offline program.

Search for target servers. Attach to a server and grab user accounts

without logging in. Dictionary attack against user account. Multiple

Denial of Service attacks. Improved spoofing and hijacking by using

realtime sniffing. Works against Netware 4 and 5.

6. Sun Enterprise Network Security Service Early Access 1

by Sun Microsystems

URL: http://www.sun.com/software/communitysource/senss/

Platforms: Java

Number of downloads: 637

Sun Enterprise Network Security Service (SENSS) is a flexible, Java-based

security solution: a tool that enables organizations to audit and secure

their systems and networks in a modern, heterogeneous, corporate intranet.

The SENSS software is not yet complete; this is the Early Access 1

release, made available for the benefit of parties with a professional

interest in network security, for their experimentation and comment.

The source code is licensed under the Sun Community Source-Code License,

consistent with the Sun Community Source License principles.

IX. SPONSOR INFORMATION -

------------------------------------------

URL: http://www.core-sdi.com

CORE SDI is an international computer security research and development

company. It's clients include 3 of the Big 5 chartered accountant firms

for whom CORE SDI develops customized security auditing tools as well as

several notable computer security product vendors, such as Network

Associates. CORE SDI also has extensive experiance dealing with financial

and government contracts through out Latin and North America.

X. SUBSCRIBE/UNSUBSCRIBE INFORMATION

-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body

of:

SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have

to anwser.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed

address with a message body of:

UNSUBSCRIBE SF-NEWS

If your email address has changed email aleph1@securityfocus.com and I

will manualy remove you.

3. How do I disable mail delivery temporarily?

If you will are simply going in vacation you can turn off mail delivery

without unsubscribing by sending LISTSERV the command:

SET SF-NEWS NOMAIL

To turn back on e-mail delivery use the command:

SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1)

and then send a message to LISTSERV@SECURITYFOCUS.COM with with a message

body of:

SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off send a message to LISTSERV with a message body

of:

SET SF-NEWS NODIGEST

If you want to unsubscribe from the list completely follow the

instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

You are probably subscribed from a different address than that from

which you are sending commands to LISTSERV from. Either send email from

the appropiate address or email the moderator to be unsubscribed manually.

Alfred Huger

VP of Engineering

SecurityFocus.com