Home page logo
/

bugtraq logo Bugtraq mailing list archives

HP Security Bulletins Digest
From: aleph1 () DFW NET (Aleph One)
Date: Thu, 31 Jul 1997 12:11:26 -0500


                        HP Support Information Digests

===============================================================================
o  HP Electronic Support Center World Wide Web Service
   ---------------------------------------------------

   If you subscribed through the HP Electronic Support Center and would
   like to be REMOVED from this mailing list, access the
   HP Electronic Support Center on the World Wide Web at:

     http://us-support.external.hp.com

   Enter the Support Information Digests service as a registered user,
   using your HP Electronic Support Center User ID and Password to login.
   You may then unsubscribe from the appropriate digest.
===============================================================================


Digest Name:  Daily Security Bulletins Digest
    Created:  Wed Jul 30 17:08:34 PDT 1997

Table of Contents:

Document ID      Title
---------------  -----------
HPSBUX9611-041   Vulnerability with Large UID's and GID's in HP-UX 10.20
HPSBUX9707-067   Buffer overflows in X11/Motif libraries
HPSBUX9707-068   Security Vulnerability in Novell Netware 3.12 on HP-UX

The documents are listed below.
-------------------------------------------------------------------------------


Document ID:  HPSBUX9611-041
Date Loaded:  970730
      Title:  Vulnerability with Large UID's and GID's in HP-UX 10.20

-------------------------------------------------------------------------
**REVISED 02**HEWLETT-PACKARD SECURITY BULLETIN: #00041, 20 January 1997
Last Revised: 29 July 1997
-------------------------------------------------------------------------

 The information in the following Security Bulletin should be acted upon
 as soon as possible.  Hewlett Packard will not be liable for any
 consequences to any customer resulting from customer's failure to fully
 implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------

PROBLEM:  Use of user or group id's greater than 60000

PLATFORM: HP 9000 series 700/800 systems running version 10.20

DAMAGE:   Increase in capability and unauthorized access

SOLUTION: **REVISED 01**
          Install PHSS_9343, PHNE_9377, and PHNE_9504.  Then examine
          the system for suid files that may not be safe for a large
          uid/gid system.  Any such files must be certified by their
          providers as safe for use in large uid/gid system.
          **REVISED 02**
          Apply patch PHSS_11309. PHSS_9799, which superseded
          PHSS_9343, inadvertently omitted the fix.
          Do not use PHSS_9799; it is now unavailable.
          Both PHSS_9343 and PHSS_9799 have been superseded by
          PHSS_11309, which does have the fix.

AVAILABILITY: PHSS_9343, PHNE_9377, PHNE_9504 and PHSS_11309 are
              available now.

CHANGE SUMMARY: **REVISED 02**
          One of the patches needed, PHSS_9343 (hpterm) was
          superseded by a patch that omitted the fix, PHSS_9799.
          Do not use PHSS_9799.  It has been superseded by PHSS_11309.

          PHSS_9343 has also been superseded by PHSS_11309.  You can
          continue to use PHSS_9343.  However, PHSS_11309 has additional
          defect fixes and you may want to install it.

          NOTE: You still need to install PHNE_9377 and PHNE_9504 or
          subsequent.  You also need to examine the system for suid
          files that may not be safe for a large uid/gid system.
-------------------------------------------------------------------------

I.
   A. Background
      Large user and group id's are new features of HP-UX revision 10.20.
      Requirements for a program to work in a large uid/gid system are
      detailed in the 10.20 Release Notes.  In particular the uid or gid
      must not be stored in a short int.  Doing so in a suid program
      can result in an increase in capability, including root access.

      The suid files in the following filesets have been examined and
      are free of the security vulnerability (after installing the
      patches listed above).  This only implies that the files are free
      from the vulnerability.  It does not necessarily mean that the
      programs in that fileset will work properly in a large uid/gid
      system.

         100VG-RUN, AB-NET, AB-RUN, AB-SUPPORT, ACCOUNTNG, AGRM, ASU,
         AUDIO-SRV, CDE-DTTERM, CDE-RUN, CMDS-AUX, CMDS-MIN,
         DCE-CORE-RUN, DDX-FREEDOM, DVC-SRV, DVC-SRV, EDITORS,
         FAX-SER-CMN, FCEISA-RUN, FCHSC-RUN, FDDI6-RUN, FTAM, GLANCE,
         GLANCE, GPM, HPNP-RUN, HPNP-RUN, HPPAK, HPPB100BT-RUN,
         INETSVCS-RUN, LAN-RUN, LMU, LP-SPOOL, LVM-RUN, LVM-RUN,
         MAILERS, MAPCHAN-CMD, MCSE-CORE, MPOWER-CLIENT, NET-RUN,
         NFS-CLIENT, NIS-CLIENT, OM-ADM, OM-BB, OM-CCMOB, OM-CORE,
         OM-DESK, OM-DSYNC, OM-FAX, OM-LC, OM-NOTES, OM-P7,
         OM-PMOVER, OM-RC, OM-SMS, OM-SNOOP, OM-UNIX, OM-X400,
         OMNI-CORE, OTS-RUN, OVNNM-RUN, PHIGS-RUN, PHIGS-RUN,
         PR-INFORMIX, PRM-RUN, RUPDATE, SAM, SCAN-CFG, SD-CMDS,
         SLIP-RUN, SNAP-COMMON, SNAP-RJE, SNAP2-CORE, SNAP2-RJE,
         STAR-RUN, SYS-ADMIN, SYSCOM, TERM-MNGR-MIN, TOKEN1-RUN,
         TOKEN2-RUN, TOKEN3-RUN, UPG-ANALYSIS, UUCP, UX-CORE,
         VUE-RUN, WTNETSCAPE2-RU, X11-RUN-CL, X11-RUN-CTRB, X400-RUN

      Note: The fact that a fileset is missing from the list above
      does not mean it is suspect.  It may mean the fileset contains
      no suid files.  The script below can be used to identify suid
      files that are not contained in known safe filesets.


   B. Fixing the problem

      Install the patches listed above and examine all suid files.
      The following script will identify suspect suid files.
      The provider of any suspect file should be contacted to confirm
      that the program is safe for use in a large uid/gid system.

      Note:  The script was tested on a system with one file system.
      If you have a different configuration (nfs mounted file systems,
      for example), you may want to modify the find(1) command.

      Note:  Some suid files may be listed under the fileset of
      a patch as well as under the primary fileset.  In that case:

        1. Use swlist to find all the instances of each file.

           For example:

            # swlist -l file | grep vueaction
            PHSS_8537.PHSS_8537: /usr/vue/bin/vueaction
            VUE.VUE-MAN: /usr/share/man/man1.Z/vueaction.1
            VUE.VUE-RUN: /usr/vue/bin/vueaction
            # swlist -l file | grep vuehello
            ...


        2. Verify that the primary (non-patch) fileset is on the
           list of large uid/gid safe filesets.  In this case
           VUE-RUN is on the list.

        3. Add the patch fileset (PHSS_8537 in this example) to the
           list of safe filesets in the script below.  For example:

              -e PHSS_8537: \


   C. Recommended solution

#!/bin/sh
echo "###############################################################"
echo "#                                                             #"
echo "#  Finds suid files that are suspect in a large uid/gid       #"
echo "#  system.  Those would be any suid file not in one           #"
echo "#  of the following filesets:                                 #"
echo "#                                                             #"
echo "#100VG-RUN, AB-NET, AB-RUN, AB-SUPPORT, ACCOUNTNG, AGRM, ASU, #"
echo "#AUDIO-SRV, CDE-DTTERM, CDE-RUN, CMDS-AUX, CMDS-MIN,          #"
echo "#DCE-CORE-RUN, DDX-FREEDOM, DVC-SRV, DVC-SRV, EDITORS,        #"
echo "#FAX-SER-CMN, FCEISA-RUN, FCHSC-RUN, FDDI6-RUN, FTAM, GLANCE, #"
echo "#GLANCE, GPM, HPNP-RUN, HPNP-RUN, HPPAK, HPPB100BT-RUN,       #"
echo "#INETSVCS-RUN, LAN-RUN, LMU, LP-SPOOL, LVM-RUN, LVM-RUN,      #"
echo "#MAILERS, MAPCHAN-CMD, MCSE-CORE, MPOWER-CLIENT, NET-RUN,     #"
echo "#NFS-CLIENT, NIS-CLIENT, OM-ADM, OM-BB, OM-CCMOB, OM-CORE,    #"
echo "#OM-DESK, OM-DSYNC, OM-FAX, OM-LC, OM-NOTES, OM-P7,           #"
echo "#OM-PMOVER, OM-RC, OM-SMS, OM-SNOOP, OM-UNIX, OM-X400,        #"
echo "#OMNI-CORE, OTS-RUN, OVNNM-RUN, PHIGS-RUN, PHIGS-RUN,         #"
echo "#PR-INFORMIX, PRM-RUN, RUPDATE, SAM, SCAN-CFG, SD-CMDS,       #"
echo "#SLIP-RUN, SNAP-COMMON, SNAP-RJE, SNAP2-CORE, SNAP2-RJE,      #"
echo "#STAR-RUN, SYS-ADMIN, SYSCOM, TERM-MNGR-MIN, TOKEN1-RUN,      #"
echo "#TOKEN2-RUN, TOKEN3-RUN, UPG-ANALYSIS, UUCP, UX-CORE,         #"
echo "#VUE-RUN, WTNETSCAPE2-RU, X11-RUN-CL, X11-RUN-CTRB, X400-RUN  #"
echo "#                                                             #"
echo "# Note:  This assumes that the patches listed in              #"
echo "#        HP Security Bulletin 41 are installed.               #"
echo "#                                                             #"
echo "# As you qualify other suid files you may want to             #"
echo "# modify this script.                                         #"
echo "#                                                             #"
echo "###############################################################"
td=/tmp/suid_temp
mkdir $td
##########################################################
# find all suid files
##########################################################
echo find all suid files:
echo "find / -type f -perm -u+s -print >$td/suid_files"
find / -type f -perm -u+s -print >$td/suid_files

##########################################################
# list all files in all installed filesets
##########################################################
echo list all files in all installed filesets:
echo "swlist -l file >$td/swlist.file"
swlist -l file >$td/swlist.file

##########################################################
# extract the suid files from the list all files
# in all installed filesets
##########################################################
echo find suspect suid files
grep -Ff $td/suid_files $td/swlist.file > $td/swlist.suid

##########################################################
# make a list of all the filesets containing suid files
##########################################################
awk '{print $1}' $td/swlist.suid | cut -f 2 -d\. \
   | sort -u >$td/suid_filesets

##########################################################
# remove from the list all the filesets known to be
# large uid/gid safe
##########################################################

grep -ve 100VG-RUN:  -e AB-NET:  -e AB-RUN:  -e AB-SUPPORT: \
-e ACCOUNTNG:  -e AGRM:  -e ASU:  -e AUDIO-SRV:  -e CDE-DTTERM: \
-e CDE-RUN:  -e CMDS-AUX:  -e CMDS-MIN:  -e DCE-CORE-RUN: \
-e DDX-FREEDOM:  -e DVC-SRV:  -e DVC-SRV:  -e EDITORS: \
-e FAX-SER-CMN:  -e FCEISA-RUN:  -e FCHSC-RUN:  -e FDDI6-RUN: \
-e FTAM:  -e GLANCE:  -e GLANCE:  -e GPM:  -e HPNP-RUN: \
-e HPNP-RUN:  -e HPPAK:  -e HPPB100BT-RUN:  -e INETSVCS-RUN: \
-e LAN-RUN:  -e LMU:  -e LP-SPOOL:  -e LVM-RUN:  -e LVM-RUN: \
-e MAILERS:  -e MAPCHAN-CMD:  -e MCSE-CORE: \
-e MPOWER-CLIENT:  -e NET-RUN:  -e NFS-CLIENT:  -e NIS-CLIENT: \
-e OM-ADM:  -e OM-BB:  -e OM-CCMOB:  -e OM-CORE: \
-e OM-DESK:  -e OM-DSYNC:  -e OM-FAX:  -e OM-LC:  -e OM-NOTES: \
-e OM-P7:  -e OM-PMOVER:  -e OM-RC:  -e OM-SMS: \
-e OM-SNOOP:  -e OM-UNIX:  -e OM-X400:  -e OMNI-CORE: \
-e OTS-RUN:  -e OVNNM-RUN:  -e PHIGS-RUN:  -e PHIGS-RUN: \
-e PR-INFORMIX:  -e PRM-RUN:  -e RUPDATE:  -e SAM: \
-e SCAN-CFG:  -e SD-CMDS:  -e SLIP-RUN:  -e SNAP-COMMON: \
-e SNAP-RJE:  -e SNAP2-CORE:  -e SNAP2-RJE:  -e STAR-RUN: \
-e SYS-ADMIN:  -e SYSCOM:  -e TERM-MNGR-MIN:  -e TOKEN1-RUN: -e UUCP: \
-e TOKEN2-RUN:  -e TOKEN3-RUN:  -e UPG-ANALYSIS: \
-e UX-CORE:  -e VUE-RUN:  -e WTNETSCAPE2-RU:  -e X11-RUN-CL: \
-e X11-RUN-CTRB:  -e X400-RUN: \
$td/suid_filesets >$td/suid_suspect_filesets

##########################################################
# make a list of all the files in the suspect filesets
##########################################################
grep -Ff $td/suid_suspect_filesets $td/swlist.file \
  >$td/suid_suspect_filesets_files

##########################################################
# extract just the suid files from the suspect filesets
##########################################################

echo "The following suid files are suspect in a large uid/gid system:" \
     >$td/suid_suspect_files
echo "Fileset:       File">>$td/suid_suspect_files
echo "-------------------------------------------" >>$td/suid_suspect_files
grep -Ff $td/suid_files $td/suid_suspect_filesets_files \
  >$td/suid_suspect_files

##########################################################
# suid files that are not in filesets are suspect
##########################################################
for i in `cat $td/suid_files`
do
  count=`grep -c $i $td/swlist.file`
  if [ $count -eq 0 ]
  then
    echo "not_in_a_fileset: $i" >>$td/suid_suspect_files
  fi
done

cat $td/suid_suspect_files
echo "The list of suspect suid files is in $td/suid_suspect_files"
exit
##################### end ###########################################

   D. Impact of the patch
   Installs large uid/gid safe programs.

   E.  To subscribe to automatically receive future NEW HP
   Security Bulletins from the HP SupportLine Digest service via
   electronic mail, do the following:

       1)  From your Web browser, access the URL:

       http://us-support.external.hp.com (US,Canada, Asia-Pacific,
       and Latin-America)

       http://europe-support.external.hp.com  (Europe)

       2)  On the HP Electronic Support Center main screen, select
       the hyperlink "Support Information Digests".

       3)  On the "Welcome to HP's Support Information Digests" screen,
       under the heading "Register Now", select the appropriate
       hyperlink "Americas and Asia-Pacific", or "Europe".

       4)  On the "New User Registration" screen, fill in the fields
       for the User Information and Password and then select the
       button labeled "Submit New User".

       5)  On the "User ID Assigned" screen, select the hyperlink
       "Support Information Digests".

       **Note what your assigned user ID and password are for future
         reference.

       6)  You should now be on the "HP Support Information Digests
       Main" screen.  You might want to verify that your email address
       is correct as displayed on the screen.  From this screen, you
       may also view/subscribe to the digests, including the security
       bulletins digest.

       To get a patch matrix of current HP-UX and BLS security
       patches referenced by either Security Bulletin or Platform/OS,
       click on following screens in order:

         Technical Knowledge Database
         Browse Security Bulletins
         Security Bulletins Archive
         HP-UX Security Patch Matrix


   F. To report new security vulnerabilities, send email to

           security-alert () hp com

       Please encrypt any exploit information using the security-alert
       PGP key, available from your local key server, or by sending a
       message with a -subject- (not body) of 'get key' (no quotes) to
       security-alert () hp com 


      Permission is granted for copying and circulating this Bulletin to
      Hewlett-Packard (HP) customers (or the Internet community) for the
      purpose of alerting them to problems, if and only if, the Bulletin
      is not edited or changed in any way, is attributed to HP, and
      provided such reproduction and/or distribution is performed for
      non-commercial purposes.

      Any other use of this information is prohibited. HP is not liable
      for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID:  HPSBUX9611-041--------------------------------------


Document ID:  HPSBUX9707-067
Date Loaded:  970730
      Title:  Buffer overflows in X11/Motif libraries

-------------------------------------------------------------------------
         HEWLETT-PACKARD SECURITY BULLETIN: #00067, 30 July 1997
-------------------------------------------------------------------------

 The information in the following Security Bulletin should be acted upon
 as soon as possible.  Hewlett Packard will not be liable for any
 consequences to any customer resulting from customer's failure to fully
 implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------
PROBLEM:  Buffer overflows in X11/Motif libraries.

PLATFORM: HP9000 Series 700/800 running releases 9.X and 10.X

DAMAGE:   Suid/sgid programs linked with X11/Motif libraries can
          be exploited to increase privileges.

SOLUTION: Install the patches listed below.  Any programs that are
          linked archived with any previous versions of the X11/Motif
          libraries must be relinked with the libraries in the patches.

AVAILABILITY:  The patches are available now.
-------------------------------------------------------------------------
I.
   A. Background - Several buffer overflow conditions have been
                   identified.  These have been present in all
                   previous versions of the X11/Motif libraries.

   B. Fixing the problem - Install the applicable patches:

      PHSS_11626         9.X X11R5/Motif1.2  Runtime
      PHSS_11627         9.X X11R5/Motif1.2  Development

      PHSS_11043       10.0X X11R5/Motif1.2  Runtime (also for 10.10)
      PHSS_11044       10.0X X11R5/Motif1.2  Development

      PHSS_11043       10.10 X11R5/Motif1.2  Runtime (also for 10.0X)
      PHSS_11045       10.10 X11R5/Motif1.2  Development

      PHSS_11628       10.20 X11R5/Motif1.2  Runtime
      PHSS_11629       10.20 X11R5/Motif1.2  Development

      PHSS_11628       10.20 X11R6/Motif1.2  Runtime
      PHSS_11630       10.20 X11R6/Motif1.2  Development

      PHSS_9858          9.X VUE 3.0

      PHSS_9804        10.01 VUE 3.0

      PHSS_9805        10.10/10.20 VUE 3.0

      PHSS_11373         9.X JSE A.B9.40

      Then relink any suid/sgid programs that use X11 or Motif archived
      libraries.

   C. Recommended solution - Install the applicable patches and
      relink archived suid/sgid programs.

   D. Impact of the patch - The fixes are in the X11/Motif patches.
      The VUE and JSE patches make use of the libraries in the
      X11/Motif patches.

   E. To subscribe to automatically receive future NEW HP Security
      Bulletins from the HP Electronic Support Center via electronic
      mail, do the following:

      User your browser to get to the HP Electronic Support Center page
      at:

      http://us-support.external.hp.com
      (for US, Canada, Asia-Pacific, & Latin-America)

      http://europe-support.external.hp.com
      (for Europe)

      Click on the Technical Knowledge Database, register as a user
      (remember to save the User ID assigned to you, and your password),
      and it will connect to a HP Search Technical Knowledge DB page.
      Near the bottom is a hyperlink to our Security Bulletin archive.
      Once in the archive there is another link to our current
      security patch matrix. Updated daily, this matrix is categorized
      by platform/OS release, and by bulletin topic.

   F. To report new security vulnerabilities, send email to

          security-alert () hp com

      Please encrypt any exploit information using the security-alert
      PGP key, available from your local key server, or by sending a
      message with a -subject- (not body) of 'get key' (no quotes) to
      security-alert () hp com 

     Permission is granted for copying and circulating this Bulletin to
     Hewlett-Packard (HP) customers (or the Internet community) for the
     purpose of alerting them to problems, if and only if, the Bulletin
     is not edited or changed in any way, is attributed to HP, and
     provided such reproduction and/or distribution is performed for
     non-commercial purposes.

     Any other use of this information is prohibited. HP is not liable
     for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID:  HPSBUX9707-067--------------------------------------


Document ID:  HPSBUX9707-068
Date Loaded:  970730
      Title:  Security Vulnerability in Novell Netware 3.12 on HP-UX

-------------------------------------------------------------------------
         HEWLETT-PACKARD SECURITY BULLETIN: #00068, 30 July 1997
-------------------------------------------------------------------------

 The information in the following Security Bulletin should be acted upon
 as soon as possible.  Hewlett Packard will not be liable for any
 consequences to any customer resulting from customer's failure to fully
 implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------

PROBLEM:  Novell Netware 3.12 release B.10.08 or earlier, and B.09.05 or
          earlier allows unauthorized users to read files.

PLATFORM: HP 9000 Series 700/800s running only specific releases of HP-UX
          9.X and 10.X. See below.

DAMAGE:   Allows users unauthorized file read access.

SOLUTION: Apply the following patches as needed:
                 PHNE_11684 for HP-UX release 9.04, or
                 PHNE_11341 for HP-UX release 10.01, and
                 PHNE_11722 for HP-UX release 10.01, or
                 PHNE_11723 for HP-UX release 10.10, or
                 PHNE_11724 for HP-UX release 10.20.

AVAILABILITY: All patches are available now.
-------------------------------------------------------------------------
I.
   A. Background
      Hewlett-Packard Company has discovered a defect in the Novell
      Netware 3.12 product running on HP-UX.  This defect is seen on
      both 9.04 and 10.X operating systems, and allows users to read
      files from an unauthorized PC.  Native Netware is exempt from
      this defect.

      NOTE: The product in question only runs on HP-UX releases 9.04,
            10.01, 10.10, or 10.20.

   B. Fixing the problem
      For HP-UX 9.04 users, simply obtain Netware release B.09.08.002
      to be used as a full product replacement.  This is the patch
      PHNE_11684.  Installation will require rebooting the server.

      For 10.01 users, before continuing to use Netware, first obtain
      PHNE_10341 (the full product replacement patch B.10.08) and then
      apply patch PHNE_11722 (B.10.08.002).  PHNE_11722 will not
      install unless PHNE_10341 has been previously installed.

      For HP-UX 10.10 and 10.20 update to the Netware B.10.08 release
      from the latest application release CD, DART32 or newer.
      Then install the appropriate patch (see above).

   C. Recommended solution
      The patch is a cumulative patch and and fully fixes the
      discovered vulnerability.

   D. To subscribe to automatically receive future NEW HP Security
      Bulletins from the HP SupportLine Digest service via electronic
      mail, do the following:

      1)  From your Web browser, access the URL:

          http://us-support.external.hp.com
          (for US,Canada, Asia-Pacific, and Latin-America)

          http://europe-support.external.hp.com  (for Europe)

      2)  On the HP Electronic Support Center main screen, select
          the hyperlink "Support Information Digests".

      3)  On the "Welcome to HP's Support Information Digests" screen,
          under the heading "Register Now", select the appropriate
          hyperlink "Americas and Asia-Pacific", or "Europe".

      4)  On the "New User Registration" screen, fill in the fields for
          the User Information and Password and then select the button
          labeled "Submit New User".

      5)  On the "User ID Assigned" screen, select the hyperlink

          "Support Information Digests".

          ** Note what your assigned user ID and password are for
            future reference.

      6)  You should now be on the "HP Support Information Digests Main"
          screen.  You might want to verify that your email address is
          correct as displayed on the screen.  From this screen, you may
          also view/subscribe to the digests, including the security
          bulletins digest.

      To get a patch matrix of current HP-UX and BLS security patches
      referenced by either Security Bulletin or Platform/OS, click on
      following screens in order:
         Technical Knowledge Database
         Browse Security Bulletins
         Security Bulletins Archive
         HP-UX Security Patch Matrix

   E. To report new security vulnerabilities, send email to

          security-alert () hp com

      Please encrypt any exploit information using the security-alert
      PGP key, available from your local key server, or by sending a
      message with a -subject- (not body) of 'get key' (no quotes) to
      security-alert () hp com 

   Permission is granted for copying and circulating this Bulletin to
   Hewlett-Packard (HP) customers (or the Internet community) for the
   purpose of alerting them to problems, if and only if, the Bulletin is
   not edited or changed in any way, is attributed to HP, and provided
   such reproduction and/or distribution is performed for non-commercial
   purposes.

   Any other use of this information is prohibited.  HP is not liable
   for any misuse of this information by any third party.
_______________________________________________________________________
-----End of Document ID:  HPSBUX9707-068--------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault