-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Version 1.0 October 1996 CERT(R) Coordination Center Product Vulnerability Reporting Form If you know of a vulnerability in a product, please complete this form and return it to cert@cert.org. We aren't able to acknowledge each report we receive; however, if we have additional questions, we will contact you for further information. We prefer that any vulnerability information you send to us be encrypted. We can support a shared DES key or PGP. Contact the CERT staff for more information. The CERT PGP public key is available in http://www.cert.org/pgp/cert_pgp_key.asc Thanks, we appreciate your taking the time to report this vulnerability. CONTACT INFORMATION =============================================================================== Let us know who you are: Name : E-mail : Phone / fax : Affiliation and address: Have you reported this to the vendor? [yes/no] If so, please let us know whom you've contacted: Date of your report : Vendor contact name : Vendor contact phone : Vendor contact e-mail : Vendor reference number : If not, we encourage you to do so--vendors need to hear about vulnerabilities from you as a customer. POLICY INFO =============================================================================== We encourage communication between vendors and their customers. When we forward a report to the vendor, we include the reporter's name and contact information unless you let us know otherwise. If you want this report to remain anonymous, please check here: ___ Do not release my identity to your vendor contact. TECHNICAL INFO =============================================================================== If there is a CERT Vulnerability tracking number please put it here (otherwise leave blank): VU#______. Please describe the vulnerability. - ---------------------------------- What is the impact of this vulnerability? - ----------------------------------------- (For example: local user can gain root/privileged access, intruders can create root-owned files, denial of service attack, etc.) a) What is the specific impact: b) How would you envision it being used in an attack scenario: To your knowledge is the vulnerability currently being exploited? - ----------------------------------------------------------------- [yes/no] If there is an exploitation script available, please include it here. - --------------------------------------------------------------------- Do you know what systems and/or configurations are vulnerable? - -------------------------------------------------------------- [yes/no] (If yes, please list them below) System : OS version : Verified/Guessed: Are you aware of any workarounds and/or fixes for this vulnerability? - --------------------------------------------------------------------- [yes/no] (If you have a workaround or are aware of patches please include the information here.) OTHER INFORMATION =========================================================================== Is there anything else you would like to tell us? - -------- CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark office. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iQEcBAEBAgAGBQJINi3hAAoJEBBA4qoUwz9XG/4IALLp13AgEyqEsXp9janQpSU1 +dKtCSro8VM720y+knEQkRxgXuyS0SevM5MVBllTMeNGXPEopN+iEcm6XtNoJn9Q +iZkKWdUJmL/MKPV5HjB9+KHWL9mfHV5mouUPvbl4NtmxRnMGC0dIkkTnPyeNpPd NNhXIBvb9qO1ap+mCailRS28IcsVKpCORJR6RHk9EGGA5MBQ8qUGfU+OjiovP5pa 4GhqhG7vDHIZu3gQnGH2ycWV/q6xPfP671488QYUGUlNusdGK9zblZZqbstyl+Px QnkIFBpVA31D+1W1hO8rNnCQmR8RWECVGZ5m8NDmvwHrJyDkH0YYcDTwetrzmCo= =ELm9 -----END PGP SIGNATURE-----