************************************************************************** Security Bulletin 9615 DISA Defense Communications System August 2, 1996 Published by: DISN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/sec-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/sec-9544.txt). These are also available at our WWW site, http://nic.ddn.mil. ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -----BEGIN PGP SIGNED MESSAGE----- The ASSIST www site is http://www.assist.mil <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 96-13 Release date: 1 August, 1996, 3:30 PM EST (GMT -4) SUBJECT: FreeBSD Security Vulnerabilities SUMMARY: Three vulnerabilities have been identified in the FreeBSD operating system: 1) vfsload Library, 2) Union File System Code, and 3) Manual Page Reader. PLATFORM: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current BACKGROUND: The first vulnerability allows local users to gain unauthorized permissions. The second vulnerability allows local users to compromise system stability. The third vulnerability allows local users to gain access privileges of the "man" user. SOLUTIONS: Install the proper patches and/or use the workarounds provided below. ========================================================================== SUBJECT: Unauthorized Access Via Mount_Union / Mount_Msdos (vfsload) PATCHES: ftp://freebsd.org/pub/CERT/patches/SA-96:09/ BACKGROUND: A bug was found in the vfsload(3) library call that affects all versions of FreeBSD from 2.0 through 2.2-CURRENT that caused a system vulnerability. This problem is present in all source code and binary distributions of FreeBSD version 2.x released before 1996-05-18. The FreeBSD project is aware of active exploits of this vulnerability. All FreeBSD users are encouraged to use the workaround provided until they can update their operating system to a version with this vulnerability fixed. PROBLEM DESCRIPTION: The mount_union and mount_msdos programs invoke another system utility in an insecure fashion while setuid root. IMPACT: The problem could allow local users to gain unauthorized permissions. This vulnerability can only be exploited by users with a valid account on the local system. SOLUTIONS: Update operating system sources and binaries to FreeBSD 2.1-stable or FreeBSD 2.2-current as distributed later than 1996-05-18 or if you are currently running 2.1 or later, you may apply the solution patches available at the URL listed at the top of this message. The OS updates fix the actual problem in the vfsload(3) library routine. Once the vfsload() library routine is fixed, the workaround listed below is not necessary to solve this problem. However, an additional stability problem has come to light (ref. FreeBSD SA-96:10) so the FreeBSD project suggests using both the setuid workaround and the solution for best results. WORKAROUND: This vulnerability can quickly and easily be limited by removing the setuid permission bit from the mount_union and mount_msdos program. This workaround will work for all versions of FreeBSD affected by this problem. As root, execute the command: % chmod u-s /sbin/mount_union /sbin/mount_msdos then verify that the setuid permissions of the files have been removed. The permissions array should read "-r-xr-xr-x" as shown here: % ls -l /sbin/mount_union /sbin/mount_msdos -r-xr-xr-x 1 root bin 151552 Apr 26 04:41 /sbin/mount_msdos -r-xr-xr-x 1 root bin 53248 Apr 26 04:40 /sbin/mount_union In addition to changing the permissions on the executable files, if you have the source code installed, we suggest patching the sources so that mount_union will not be installed with the setuid bit set: *** /usr/src/sbin/mount_union/Makefile Sun Nov 20 14:47:52 1994 - - - --- /usr/src/sbin/mount_union/Makefile Fri May 17 10:36:09 1996 *************** *** 8,14 **** CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT} .PATH: ${MOUNT} - - - - BINOWN= root - - - - BINMODE=4555 - - - - .include - - - --- 8,11 ---- *** /usr/src/sbin/i386/mount_msdos/Makefile Sun Dec 4 00:01:24 1994 - - - --- /usr/src/sbin/i386/mount_msdos/Makefile Fri May 17 11:31:57 1996 *************** *** 6,14 **** SRCS= mount_msdos.c getmntopts.c MAN8= mount_msdos.8 - - - - BINOWN= root - - - - BINMODE= 4555 - - - - MOUNT= ${.CURDIR}/../../mount CFLAGS+= -I${MOUNT} .PATH: ${MOUNT} - - - --- 6,11 ---- ============================================================================= SUBJECT: Union File System Code Vulnerability PATCHES: ftp://freebsd.org/pub/CERT/patches/SA-96:10/ BACKGROUND: A bug was found in the union file system code which can allow an unprivileged local user to compromise system stability. This problem is present in all source code and binary distributions of FreeBSD version 2.x released before 1996-05-18. All FreeBSD users are encouraged to use the workaround provided until the FreeBSD Project distributes a full solution. PROBLEM DESCRIPTION The union filesystem code had problems with certain mount ordering problems. By executing a certain sequence of mount_union commands, an unprivileged local user may cause a system reload. NOTE: This is a different problem than the one discussed in FreeBSD SA-96:09. The workaround for this vulnerability is similar to the one discussed in 96:09, but the proper solution for the unauthorized access problem in 96:09 does not address this vulnerability. IMPACT: The problem could allow local users to compromise system stability. This vulnerability can only be exploited by users with a valid account on the local system. SOLUTIONS: The FreeBSD project is currently developing a solution to this problem, however the proper solution will not be available until a future FreeBSD release. We do not anticipate releasing patches for previous versions of FreeBSD due to the extensive nature of this fix. This security advisory will be updated as new information is made available. WORKAROUND: This vulnerability can quickly and easily be limited by removing the setuid permission bit from the mount_union program. This workaround will work for all versions of FreeBSD affected by this problem. As root, execute the command: % chmod u-s /sbin/mount_union then verify that the setuid permissions of the files have been removed. The permissions array should read "-r-xr-xr-x" as shown here: % ls -l /sbin/mount_union -r-xr-xr-x 1 root bin 53248 Apr 26 04:40 /sbin/mount_union In addition to changing the permissions on the executable files, if you have the source code installed, we suggest patching the sources so that mount_union will not be installed with the setuid bit set: *** /usr/src/sbin/mount_union/Makefile Sun Nov 20 14:47:52 1994 - - - --- /usr/src/sbin/mount_union/Makefile Fri May 17 10:36:09 1996 *************** *** 8,14 **** CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT} .PATH: ${MOUNT} - - - - BINOWN= root - - - - BINMODE=4555 - - - - .include - - - --- 8,11 ---- ============================================================================= SUBJECT: Manual Page Reader Vulnerability PATCHES: ftp://freebsd.org/pub/CERT/patches/SA-96:11/ BACKGROUND: FreeBSD replaced the standard BSD manual page reader with code developed by a third party to support compressed manual pages. A bug was found in the manual page reader which can allow an unprivileged local user to compromise system security in a limited fashion. This problem is present in all source code and binary distributions of FreeBSD version 2.x released before 1996-05-21. PROBLEM DESCRIPTION: The man program is setuid to the "man" user. By executing a particular sequence of commands, an unprivileged local user may gain the access privileges of the "man" user. However, root access could be obtained with further work. IMPACT: The "man" user has no particular special privileges, it is the owner of the /usr/share/man/cat[0-9] directory hierarchy. Unformatted system manual pages are owned by the "bin" user. However, further exploits once "man" is obtained could possibly allow a local user to obtain unlimited access via a trojan horse. This vulnerability can only be exploited by users with a valid account on the local system. WORKAROUND: One may simply disable the setuid bit on the /usr/bin/man file. This will disable caching of formatted manual pages, no system functionality will be lost. This workaround will suffice for all versions of FreeBSD affected by this problem. As root, execute the command: # chmod u-s /usr/bin/man then verify that the setuid permissions of the files have been removed. The permissions array should read "-r-xr-xr-x" as shown here: # ls -l /usr/bin/man -r-xr-xr-x 1 man bin 28672 May 19 20:38 /usr/bin/man We also suggest applying the following patch to the source distribution so that the man program will not be installed setuid man should you rebuild from sources: *** /usr/src/gnu/usr.bin/man/man/Makefile Sun Feb 25 13:39:52 1996 --- /usr/src/gnu/usr.bin/man/man/Makefile Wed May 22 00:13:05 1996 *************** *** 1,7 **** PROG= man SRCS= man.c manpath.c glob.c - BINMODE=4555 - BINOWN= man .if exists(${.CURDIR}/../lib/obj) LDADD= -L${.CURDIR}/../lib/obj -lman --- 1,5 ---- SOLUTIONS: The FreeBSD team is in the process of rewriting portions of the manual program to avoid this and similar vulnerabilities. This security advisory will be updated when a complete solution is available. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST would like to thank FreeBSD and CIAC for information contained in this bulletin. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), and provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from assist.mil (IP address 199.211.123.11). Note: assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231, COMM 703-607-4700, DSN 327-4700. ELECTRONIC MAIL: assist@assist.mil. ASSIST BBS: COMM 703-607-4710, DSN 327-4710, leave a message for the "sysop". FAX: COMM 703-607-4735, DSN 607-4735 ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt, and through the world wide web from http://net-dist.mit.edu/pgp.html. In accordance with the terms of that license, PGP 2.6.2 may be used for non-commercial purposes only. Instructions for downloading the PGP 2.6.2 software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi4uZ40AAAEEAM1uraimCNeh5PtzX7KoGxC2u8uMTdl8V5sujk3MHbWvCuOM W0FqDy5s9iwfQLZWzJ7cbM6L0mNOj8eJGoz7TqGKZDDRFlKAwg0x8joleZLC2gXw FVdF/g6Mdv7ok7heoa+Y//YMeADnsSrmzqLCnhFbKYffww3EbdH6sbnW3Io9AAUR tB9BU1NJU1QgVGVhbSA8YXNzaXN0QGFzc2lzdC5taWw+iQCVAwUQMJVF1JtBJ/Qs yeedAQFnqgQAp1rw7ONT41Mr3gHGs2aVpEwgOH6SeJ9sHZxUp4dJu+ogRMFrqdC+ +NBfzitzj9m1udFVDHpwsGawbv6wg43DDAKaTgIETCHYXa/OM5/9FCS3xJwC99Gb V1iOm8S/Q9FcJruKID9DG2WUJp2yPj+CjTuBQeLjGkqGjuSOR1TNXQiJAJUDBRAw lUPuYKf6jFkmJQkBAWg5A/9ykgo2ULWUsSzZjRkO9yPZUPAlpfH7ReaHwkapK69F fBzqwwQ8Gig1mL+qgmOHS8Zv+OAT491sWWsECN+dfpopFdsgS4Sec19ZjcMyhL1c BVIS9Cmbjetb6Kvfc39AMr0MRCrUlOkUd4qScjHysHFYRAwCl3STRjprNnUPKQbn f4kAlQMFEDB482bk8movIjSrbQEB/VgD/iap/CAb1jq8wMA3QleU8d6/QUqoPzgp jRhP0wP7K2GLVUV0d5sP4EptmzejqViZvlzt6ufnI1bML0Yt2U5loAeblnh714RX JcOmyAah6niiJSKuhCsYUzW6f3EBzXBn5tcu3GP35h+1VQunCQCMICCfnZ0r8Wcv EdwE9LxPYdueiQCVAwUQMHOjMwJPhGsUbeKNAQGOagQAgT5p6CwrIPpi+12yJ170 ekc3MPp8z0aNbvdCQWXTK6qtq1LmS65VeH0RE5xRponsgbWp+5JBvD22v0eGuSg7 7bnHT1HPXazPERAp8sw1zTERs7drMQE+JhHYylh3orKzHNf5EjFx10vwEXdfvGSc sP3Vpcx2xu0lUYHp5oHtPFiJAJUDBRAwar4DFKHh5Qavqe0BAeQqA/4xd0tdq9yF eUYrd1+ZriayzfSjCcIUlCDH1i7vXw1kiHkg2YpOoZLD9k+zNkbOyBs/r570fGHu A23SvUcUfaBUijT1jf9YGU5MQMdpx3p5qqI4kJ0GWUNySZNtaFy0qWNH8Z8NsNp3 FWllVeisye0qe96aoizW0dAyUymlM6YYn4kAlQMFEDBqqvga2zTcAviMgQEBN8wE AIu7O/Of4c1OvMc5tti4+gcyCVw41+fLjxQFB5EtkoW8Js6XhCsv3GcmzgCZw3g8 Sux7wxGe+lspZNV9rvv+JkDBWkA9O5HyOdmdv5JZM1UH41NettZM9Yw7kUtO7lAT aOb4ybHlqrBwJ8/+Lig7r7PwTL847JyGa3g229pGG/uEiQCVAwUQMGpTK+glSuMP TJd1AQE8KQP8Cu+FYuagNoBRllMIQryT9+0ngLRxJJTcTgIbLX4OPwa27JuXCukG kUIXRWFCqkRqkM/7ImZXeuUL4PmAX07f9ygGH7BUyqefhIWkxWFDaGHJVlg3l/pS Wh7NnC+nU6DUJNSzfwYStCABNptOcMiYaT1fY0+DkWpIgJVRTptquOWJAJUCBRAw aHX+IlGW2WZtAFEBATkXA/40QTxVP/x3aJDgC11cvFhwT7M+qJvhGSTRJOtrFz8i soZzihMeaQ8zLiu73dDlFz2E4f0+ettxsDcgFJADNmZ5H7WkPlf9gBUBne4KP2Y6 yIjOCMwd6T7HGm/ErF88DIJ2wn8irhzVRnBBWhnmQfSzr5a7mkjlA6GzAlFucGp3 eokAlQMFEDBpzIC58yc3bMt0GQEBgd4EAI0mE/5wXSWuBNApkALLjPAchBdeC4Kl YF4hQkfY/4YddeIasgTmINKOc5gJWgTHxPI2xKxjTAQhIZlOxuDyXWnBuK+x2hr4 iCh5unEIH+qaqdipGwWjFq0IZEmOOJaBRxlVt2hrmY6nRMpekitFLw8dhWHgI968 WVhJpWfBg+MhiQCVAwUQMGnMcmJl+kgHVnRVAQF+nQP/XK4xmIx1SmjoN9D+vNRY PSiKz8KEzh1Y2/5QTYA7iES8QXC4i/8HOWK7lyoL6FmWGxKYpU8isQ+DJpk0A4N0 U04JexpyFa0EeM/wsfp0YvAWesSVhV5UkDQU6hSC0U8rS1j/qtnSLZ4wXpapPSBh 82daDlxAQCVMzDoQYQZkMi+JAJUDBRAwacftBCZ9eY4KSdEBAbKGA/0VHArALL6v d0a0x7sn4o60Bk2fFzuaCBNTNzb11OOtuu47KMOZLwrl2jv+32ysIVEOXx+puhXP nQAgRrH0LGKV5FOY3B98AHuV+woOmfVjM2T3xB4Bs52Dz+HIIIhaWzzy3955tlp/ 6UyvZnD0QFLS/bre/Pog1Lgl0pxonmILhYkAlQIFEDBpJpXAx/wW8A8EIQEBPVoD /jwgG+7ZrWrb8/dqe6IZhSk8rq0JIHhSA2Hz1T7PhRvyDiquBJ3ulTeaX3BvuWqF bMuLJ4CTqXw9dexDehEnhGlxYycSXVzy8a34pLnmldii8oNvI1bLWMgd4HdM/PPZ GOgHmSIGrXMChkbddt9AoszDI0Whlbe9+wn6AeZVrJVaiQCVAgUQMGkkL2yh0IcG ee2RAQHrTgQAvBRce0S9yBvI/ufC/1jhE3LuUoA3YDdA8+UQ+UekaslZzOEgPs4K Za/nM9Y2vaRYscyzyIg8FGTzCdJQ2be9HZjSkB2xQuakeq88tlV32/cLcQSC8Zrw xsnPWujbIcWYg7B0hv8cCovef/w4kC9GyhjhIzPIsQ/Cr7/TYzheK12JAJUDBRAw Z/38o2xF3nu86kkBARanA/0XO4HBo6pT2xNCdQ7AW9UrvmTCiYUb0XVY7qCnkaPp Sn1KjsK2nGueDMGUBzvx9zWZ0xHAS+BSNkoM61gb9455KcbDwRqw6+47O/WuX1w9 fh7egjTY0kqN6YsP/vtirOuP+Krh19w/s6cDxbEBNbJIiZofRDFRRsZcZ8E2mLCP UIkAlQMFEDBn/EY7f8e8znZrHwEBxQwD/jP+CiwO3Nk45M5Ei++TZzdp7ak82hum XxVXplV2G4w8DN86pfl3IV/XvU67FQXg4NKJr+wm3JknDtlKZTE5g+aKkOYK6Fqt w3FjTd6PTDz11YRruCsdvBeYwMcHPe5XzIhgkwkMXX2Mp99q9LGKfV3087do2LNr V/2S/atn6IuqiQCVAwUQMGW6OliXq3zaXLJBAQFLwgP/bQ1C/Ph54RlRqw9rovJo SXp5wvQAfVqqnkL5nIIIK2uGputcmhMP8RqYKuRv4xaezkCDTeIE/P0327Ajc4// ca4SZCojxfqtrhw3EkfZtvFLJh1tsvAkqZkgHmjJxwA+lY78lQ1ncBZ99dePpuHu MBQew3769SkEA8kk/s5XiYqJAJUDBRAvXHHu0fqxudbcij0BAQFjA/0W8glucqO0 wtSPyCF3qGimFLHxZmd9Cw6Zlf8Ftfy8rPVrkGQGfioA29b64oZ1SUTwsswSbU8P n0KKFxvc6hYM5TzMg4gSu+vLh6pr4vMRdXyecF16z4BrUwIwZLP4rc5o/vyVDskI ahj1NdNYh6V8B0FUEbhVBxJBGfy2NF0bZ7QoQVNTSVNUIFRlYW0gPGFzc2lzdEBh c3Npc3QuaW1zLmRpc2EubWlsPokAlQIFEC45Ys3KbyuD/AwC1QEBKPED/2dwnN+/ OE2iHhvGwv3jZtsm6cH+GVkpNpc0w0vQOKvVwUnLwuETSv+eryz9Fl7nL0U2tv/5 V81dXqqc5C7EvOQW1Dt9RBSjEOundYrOzsfELIMrwh1iJXsIxG7g7iil0HeKzxsQ E/nBFwJbgP6SQaYF4wy7TPuXw+IVVddp0p1riQCVAgUQLi5x6IdGPdIwvm+pAQFN EwP+Ml0i+yurXH1ZvQApz+HKwqLrRTNsNdHu2CsQ/OdGo4Vq4eqyPTvrI1OVjm6o jye7GR3RMPygEcz0oox/+YfB5cmGugpZLFsWLspswrFGGCXLXY3Bq7mpH14GENU5 JMlHzazeRvdDbkSv700Xu25JshjWIzfTY2nNUNfFlRefQoY= =8gi/ - -----END PGP PUBLIC KEY BLOCK----- - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMaTLebnzJzdsy3QZAQFYeQP/Rfu/KQe7ARXd5OHo3Ky3o1YdSf7Pelfp nzvxrHzxm71eTF55ByF9MoS4kP6LGA4telZ1XmVXrmlBZooe6LU7uYMNtsBK50qV Yy3Hb14gwUndt0xcalc8/nPjjnC9VE/plM5EOno6PVKAW9+DS/tC/10shjlviaCr fGo3z4zXg2M= =2hNo - -----END PGP SIGNATURE----- - -+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+ This message was posted through the FIRST mailing list server. if you wish to unsubscribe from this mailing list, send the message body of "unsubscribe first-teams" to majordomo@FIRST.ORG - -+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+==--+ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMgD+BNH6sbnW3Io9AQGCUwP/TMVkG964vcoEv+b1+iSSbE2pvteM9Rk1 TN69RmjqM9JengxwEPVfUuc4oAQ7ZTG2V+r7neECzgeJuPgIa37JMaVsmX/YvqHp UDJQAacD2fSXHJpznBzTe22KBS91ODa32GCJ4rzlrnK+0MubGiuxtGwX4y3X2FAA xpYB2i4J12E= =AyI/ -----END PGP SIGNATURE----- -- _______ A S S I S T | / Automated Systems Security Incident Support Team | / Duty phone: +1 800 357 4231 (DSN 327 4700) 24hr | / Integritas Commercial +1 703 607 4700 24hr | < et 24hr pager: +1 800 791 4857 | \ Celeritas BBS: +1 703 607 4710 (DSN 327 4710) | \ Unclass FAX: +1 703 607 4735 (DSN 327 4735) | \ e-mail: ASSIST@ASSIST.MIL ------- Anonymous FTP: FTP.ASSIST.MIL (IP 199.211.123.12) **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.