[ISN] Secunia Weekly Summary - Issue: 2004-20

From: InfoSec News (isn@private)
Date: Fri May 14 2004 - 01:41:35 PDT

  • Next message: InfoSec News: "Re: [ISN] Crackers declare cyberwar on USA"

    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-05-06 - 2004-05-13                        
    
                           This week : 42 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3...............................This Weeks Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    Secunia has launched a new service called Secunia Virus Information.
    Secunia Virus Information is based on information automatically
    collected from seven different anti-virus vendors. The data will be
    parsed and indexed, resulting in a chronological list, a searchable
    index, and grouped profiles with information from the seven vendors.
    
    Furthermore, when certain criteria are triggered virus alerts will be
    issued. You can sign-up for the alerts here:
    
    Sign-up for Secunia Virus Alerts:
    http://secunia.com/secunia_virus_alerts/
    
    Secunia Virus Information:
    http://secunia.com/virus_information/
    
    
    ========================================================================
    2) This Week in Brief:
    
    
    ADVISORIES:
    
    Two vulnerabilities have been reported in the Eudora mail client.
    
    The first vulnerability was discovered by Paul Szabo and can be
    triggered by embedding an overly long link in an e-mail. Successful
    exploitation may allow execution of arbitrary code.
    
    The second vulnerability was discovered by Brett Glass and can be
    exploited to obfuscate the actual link contained in an e-mail.
    
    Reference:
    http://secunia.com/SA11581
    http://secunia.com/SA11568
    
    --
    
    Microsoft has reported a vulnerability in Windows Help and Support
    Center, which can be exploited to compromise a user's system. However,
    this will require some user interaction.
    
    Patches have been issued for this. Please refer to Secunia advisory
    below.
    
    Reference:
    http://secunia.com/SA11590
    
    
    VIRUS ALERTS:
    
    During the last week, Secunia issued two MEDIUM RISK virus alerts.
    Please refer to the grouped virus profiles below for more information:
    
    Wallon.A - MEDIUM RISK Virus Alert - 2004-05-11 18:49 GMT+1
    http://secunia.com/virus_information/9320/wallon.a/
    
    Sasser.E - MEDIUM RISK Virus Alert - 2004-05-11 06:46 GMT+1
    http://secunia.com/virus_information/9263/sasser.e/
    
    ========================================================================
    3) This Weeks Top Ten Most Read Advisories:
    
    1.  [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
    2.  [SA11568] Eudora URL Handling Buffer Overflow Vulnerability
    3.  [SA11582] Microsoft Internet Explorer and Outlook URL Obfuscation
                  Issue
    4.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    5.  [SA11482] Windows Explorer / Internet Explorer Long Share Name
                  Buffer Overflow
    6.  [SA11590] Microsoft Windows Help and Support Center URL Validation
                  Vulnerability
    7.  [SA10328] Linux Kernel "do_brk()" Privilege Escalation
                  Vulnerability
    8.  [SA11558] Exim Buffer Overflow Vulnerabilities
    9.  [SA11064] Microsoft Windows 14 Vulnerabilities
    10. [SA11553] PHP-Nuke Multiple Vulnerabilities
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA11590] Microsoft Windows Help and Support Center URL Validation
    Vulnerability
    [SA11588] MailEnable Professional HTTPMail Service Buffer Overflow
    Vulnerabilities
    [SA11568] Eudora URL Handling Buffer Overflow Vulnerability
    [SA11566] MyWeb HTTP GET Request Buffer Overflow Vulnerability
    [SA11589] eMule Web Interface Negative Content Length Denial of
    Service
    [SA11578] Icecast Basic Authorization Denial of Service Vulnerability
    [SA11573] efFingerD Denial of Service Vulnerabilities
    [SA11572] Microsoft Outlook Predictable File Location Weakness
    [SA11595] Microsoft Outlook External Reference Vulnerability
    [SA11576] TrendMicro OfficeScan Weak Permissions
    [SA11582] Microsoft Internet Explorer and Outlook URL Obfuscation
    Issue
    [SA11581] Eudora URL Obfuscation Issue
    [SA11563] Microsoft IIS Inappropriate Cookie Handling Error
    
    UNIX/Linux:
    [SA11597] Debian update for exim-tls
    [SA11571] OpenPKG update for ssmtp
    [SA11562] Debian update for exim
    [SA11559] P4DB Input Validation Vulnerabilities
    [SA11558] Exim Buffer Overflow Vulnerabilities
    [SA11599] Red Hat update for ipsec-tools
    [SA11598] OpenPKG update for apache
    [SA11592] Gentoo update for OpenOffice
    [SA11575] Gentoo update for neon
    [SA11574] Gentoo update for LHA
    [SA11565] HP WBEM Services OpenSSL Handshake Denial of Service
    Vulnerabilities
    [SA11564] Conectiva update for lha
    [SA11584] Mandrake update for apache2
    [SA11583] Mandrake update for rsync
    [SA11600] Red Hat update for kernel
    [SA11586] SCO OpenServer Insecure Default XHost Access Controls
    [SA11585] NetBSD Systrace Privilege Escalation Vulnerability
    [SA11580] IBM Parallel Environment Sample Code Privilege Escalation
    Vulnerability
    [SA11561] OpenPKG update for kolab
    [SA11560] Kolab Server OpenLDAP Root Password Disclosure
    [SA11591] Gentoo update for ClamAV
    [SA11577] Linux Kernel IO Bitmap Access Permissions Inheritance
    Vulnerability
    
    Other:
    
    
    Cross Platform:
    [SA11587] phpShop Arbitrary File Inclusion Vulnerability
    [SA11569] DeleGate SSLway Filter Buffer Overflow Vulnerability
    [SA11579] NukeJokes SQL Injection Vulnerabilities
    [SA11570] Sun Java Runtime Environment Unspecified Denial of Service
    Vulnerability
    [SA11567] e107 "Login Name/Author" Script Insertion Vulnerability
    [SA11593] BEA WebLogic "weblogic.xml" May Reset to Default Permissions
    [SA11594] BEA WebLogic Admins and Operators May be Able to Stop the
    Service
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA11590] Microsoft Windows Help and Support Center URL Validation
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-11
    
    Microsoft has issued patches for Microsoft Windows to fix a
    vulnerability in the Help and Support Center.
    
    Full Advisory:
    http://secunia.com/advisories/11590/
    
     --
    
    [SA11588] MailEnable Professional HTTPMail Service Buffer Overflow
    Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-11
    
    Behrang Fouladi has discovered two vulnerabilities in MailEnable
    Professional, which potentially can be exploited by malicious people to
    compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11588/
    
     --
    
    [SA11568] Eudora URL Handling Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-07
    
    Paul Szabo has reported a vulnerability in Eudora, which can be
    exploited by malicious people to compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11568/
    
     --
    
    [SA11566] MyWeb HTTP GET Request Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-05-08
    
    badpack3t has reported a vulnerability in MyWeb, which can be exploited
    by malicious people to cause a DoS (Denial of Service) and potentially
    compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11566/
    
     --
    
    [SA11589] eMule Web Interface Negative Content Length Denial of
    Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-11
    
    A vulnerability has been discovered in eMule, which can be exploited by
    malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11589/
    
     --
    
    [SA11578] Icecast Basic Authorization Denial of Service Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-12
    
    ned has discovered a vulnerability in Icecast, which can be exploited
    by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11578/
    
     --
    
    [SA11573] efFingerD Denial of Service Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-10
    
    Dr_insane has reported a vulnerability in efFingerD, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11573/
    
     --
    
    [SA11572] Microsoft Outlook Predictable File Location Weakness
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-10
    
    http-equiv has reported a security issue in Microsoft Outlook,
    potentially allowing malicious people to place a file in a predictable
    location.
    
    Full Advisory:
    http://secunia.com/advisories/11572/
    
     --
    
    [SA11595] Microsoft Outlook External Reference Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-05-12
    
    http-equiv has reported a security issue in Microsoft Outlook,
    potentially allowing malicious people (spammers) to verify if a
    recipient has read an email.
    
    Full Advisory:
    http://secunia.com/advisories/11595/
    
     --
    
    [SA11576] TrendMicro OfficeScan Weak Permissions
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Security Bypass
    Released:    2004-05-10
    
    Matt has reported a vulnerability in TrendMicro OfficeScan, allowing
    local users to stop the virus scanning.
    
    Full Advisory:
    http://secunia.com/advisories/11576/
    
     --
    
    [SA11582] Microsoft Internet Explorer and Outlook URL Obfuscation
    Issue
    
    Critical:    Not critical
    Where:       From remote
    Impact:      ID Spoofing
    Released:    2004-05-10
    
    http-equiv has discovered an issue in Microsoft Internet Explorer,
    Outlook and Outlook Express, allowing malicious people to obfuscate
    URLs.
    
    Full Advisory:
    http://secunia.com/advisories/11582/
    
     --
    
    [SA11581] Eudora URL Obfuscation Issue
    
    Critical:    Not critical
    Where:       From remote
    Impact:      ID Spoofing
    Released:    2004-05-10
    
    Brett Glass has reported an issue in Eudora, allowing malicious people
    to obfuscate URLs.
    
    Full Advisory:
    http://secunia.com/advisories/11581/
    
     --
    
    [SA11563] Microsoft IIS Inappropriate Cookie Handling Error
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information
    Released:    2004-05-10
    
    Cesar Cerrudo has reported a security issue in Microsoft Internet
    Information Services (IIS), potentially allowing malicious people to
    gain knowledge of certain details about server side scripts.
    
    Full Advisory:
    http://secunia.com/advisories/11563/
    
    
    UNIX/Linux:--
    
    [SA11597] Debian update for exim-tls
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-12
    
    Debian has issued updated packages for exim. These fix two
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11597/
    
     --
    
    [SA11571] OpenPKG update for ssmtp
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-08
    
    OpenPKG has issued an update for sSMTP. This fixes two vulnerabilities,
    allowing malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11571/
    
     --
    
    [SA11562] Debian update for exim
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-07
    
    Debian has issued updated packages for exim. These fix two
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11562/
    
     --
    
    [SA11559] P4DB Input Validation Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-06
    
    Jon McClintock has reported some vulnerabilities in P4DB, potentially
    allowing malicious people to execute system commands.
    
    Full Advisory:
    http://secunia.com/advisories/11559/
    
     --
    
    [SA11558] Exim Buffer Overflow Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-06
    
    Georgi Guninski has reported two vulnerabilities in exim, which
    potentially can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11558/
    
     --
    
    [SA11599] Red Hat update for ipsec-tools
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Hijacking, Security Bypass, Manipulation of data, DoS
    Released:    2004-05-12
    
    Red Hat has issued updated packages for ipsec-tools. These fix various
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service), establish unauthorised connections, and
    conduct MitM (Man-in-the-Middle) attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11599/
    
     --
    
    [SA11598] OpenPKG update for apache
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, Manipulation of data, ID Spoofing, Security Bypass
    Released:    2004-05-12
    
    OpenPKG has issued updates for apache. These fix various
    vulnerabilities, which can be exploited to inject potentially malicious
    characters into error logfiles, bypass certain restrictions, gain
    unauthorised access, or cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11598/
    
     --
    
    [SA11592] Gentoo update for OpenOffice
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-12
    
    Gentoo has issued updates for OpenOffice. These fix a vulnerability
    allowing malicious people to compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11592/
    
     --
    
    [SA11575] Gentoo update for neon
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-10
    
    Gentoo has issued updated packages for neon. These fix multiple
    vulnerabilities, allowing malicious people to compromise a user's
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11575/
    
     --
    
    [SA11574] Gentoo update for LHA
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-10
    
    Gentoo has issued an update for lha. This fixes multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11574/
    
     --
    
    [SA11565] HP WBEM Services OpenSSL Handshake Denial of Service
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-07
    
    HP has reported that WBEM Services is affected by the OpenSSL handshake
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11565/
    
     --
    
    [SA11564] Conectiva update for lha
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-07
    
    Conectiva has issued updated packages for lha. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11564/
    
     --
    
    [SA11584] Mandrake update for apache2
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-11
    
    MandrakeSoft has issued updated packages for Apache 2. These fix a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11584/
    
     --
    
    [SA11583] Mandrake update for rsync
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass, Manipulation of data
    Released:    2004-05-11
    
    MandrakeSoft has issued updated packages for rsync. These fix a
    vulnerability, potentially allowing malicious people to write files
    outside the intended directory.
    
    Full Advisory:
    http://secunia.com/advisories/11583/
    
     --
    
    [SA11600] Red Hat update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, Exposure of sensitive information,
    Exposure of system information
    Released:    2004-05-12
    
    Red Hat has issued updated packages for the kernel. These fix various
    vulnerabilities, which can be exploited by malicious, local users to
    gain knowledge of sensitive information or gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11600/
    
     --
    
    [SA11586] SCO OpenServer Insecure Default XHost Access Controls
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-05-12
    
    SCO has fixed an old security issue, which can be exploited by
    malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11586/
    
     --
    
    [SA11585] NetBSD Systrace Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-05-11
    
    Stefan Esser has reported a vulnerability in the NetBSD -current
    implementation of the systrace utility and in a FreeBSD port by
    Vladimir Kotal, which can be exploited by malicious, local users to
    gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11585/
    
     --
    
    [SA11580] IBM Parallel Environment Sample Code Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-05-10
    
    A vulnerability has been discovered in IBM Parallel Environment (PE),
    which can be exploited by malicious, local users to gain escalated
    privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11580/
    
     --
    
    [SA11561] OpenPKG update for kolab
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-05-06
    
    OpenPKG has issued an updated version of kolab. This fixes a
    vulnerability, which can be exploited by malicious, local users to gain
    knowledge of the OpenLDAP root password.
    
    Full Advisory:
    http://secunia.com/advisories/11561/
    
     --
    
    [SA11560] Kolab Server OpenLDAP Root Password Disclosure
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-05-06
    
    Luca Villani has discovered a vulnerability in Kolab Server, which can
    be exploited by malicious, local users to gain knowledge of sensitive
    information.
    
    Full Advisory:
    http://secunia.com/advisories/11560/
    
     --
    
    [SA11591] Gentoo update for ClamAV
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-05-12
    
    Gentoo has issued an update for clamav. This fixes a vulnerability,
    which potentially can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11591/
    
     --
    
    [SA11577] Linux Kernel IO Bitmap Access Permissions Inheritance
    Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2004-05-10
    
    Stas Sergeev has reported a vulnerability in the Linux kernel, which
    potentially can be exploited by malicious, local users to cause a DoS
    (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11577/
    
    
    Other:
    
    
    Cross Platform:--
    
    [SA11587] phpShop Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-11
    
    Calum Power has reported a vulnerability in phpShop, potentially
    allowing malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11587/
    
     --
    
    [SA11569] DeleGate SSLway Filter Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-05-07
    
    Joel Eriksson has reported a vulnerability in DeleGate, which
    potentially can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11569/
    
     --
    
    [SA11579] NukeJokes SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2004-05-10
    
    Janek Vind has reported multiple vulnerabilities in NukeJokes, allowing
    malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11579/
    
     --
    
    [SA11570] Sun Java Runtime Environment Unspecified Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-05-08
    
    An unspecified vulnerability has been discovered in the Java Runtime
    Environment, which can be exploited by malicious people to cause the
    Java Virtual Machine to become unresponsive.
    
    Full Advisory:
    http://secunia.com/advisories/11570/
    
     --
    
    [SA11567] e107 "Login Name/Author" Script Insertion Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-05-08
    
    SmOk3 has reported a vulnerability in e107, which can be exploited to
    conduct script insertion attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11567/
    
     --
    
    [SA11593] BEA WebLogic "weblogic.xml" May Reset to Default Permissions
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-05-12
    
    BEA has issued updates for WebLogic Server and WebLogic Express. These
    fix a security issue, which potentially could grant inapropriate
    privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11593/
    
     --
    
    [SA11594] BEA WebLogic Admins and Operators May be Able to Stop the
    Service
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-05-12
    
    BEA has issued updates for WebLogic Server and WebLogic Express. These
    fix a weakness allowing certain administrative users to stop the
    service.
    
    Full Advisory:
    http://secunia.com/advisories/11594/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri May 14 2004 - 03:28:00 PDT