[41189] in bugtraq


RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability

daemon@ATHENA.MIT.EDU (Randy Ivener (rivener))
Mon Nov 14 20:23:32 2005

Date: Mon, 14 Nov 2005 13:50:24 -0800
Message-ID: <6E7590A4D7F8244BA8ECE4FEC6782F650112AA92@xmb-sjc-22d.amer.cisco.com>
From: "Randy Ivener (rivener)" <rivener@cisco.com>
To: <bugtraq@securityfocus.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Response
==============

This is Cisco PSIRT's response to the statements made by Amin Tora in his
message: [ADVISORY] CISCO ASA Failover DoS Vulnerability, posted on
November 14, 2005.

The original email is available at
http://www.securityfocus.com/archive/1/416544/30/0/threaded

Attached is a cleartext, PGP signed version of this same email.

This issue is being tracked by two Cisco Bug IDs:

 * CSCsc34022 -- ASA-PIX requires improved failover testing method

This DDTS has been resolved and the fix will be available in an upcoming
version of software. The standby firewall now validates both the IP address
and MAC address of all active firewall interfaces while conducting failover
ARP testing.

 * CSCsc47618 -- Authenticate all messages between Active and Standby Firewalls

This DDTS is under investigation and while not resolved there is a
workaround to mitigate the issue.


We would like to thank Amin Tora for reporting this issue to us.

We greatly appreciate the opportunity to work with researchers on security
vulnerabilities, and welcome the opportunity to review and assist in product
reports.


Additional Information
======================

The Release Note Enclosure for CSCsc34022 states:
+------------------------------------------------

Symptom:
+-------

The Standby firewall in failover pair may not take over when the Active
firewall loses power or crashes.


Conditions:
+----------

For this issue to occur, a duplicate IP address matching one of the active
firewall's IP addresses must be present on the same network subnet as the
firewalls when the active firewall loses power or crashes.

When the active firewall loses power or crashes, the standby firewall's LAN
failover interface will lose connectivity with the active firewall. This
causes the standby firewall to ARP for the IP address of each active firewall
interface. Because the active firewall is now unreachable, the duplicate IP
address matching the active firewall will cause the standby firewall to
receive a reply to the ARP attempt. Upon receiving the erroneous ARP reply,
the standby firewall will believe that the active firewall is still reachable
and prevent the standby firewall from taking over.

Due to the timing of two concurrent failover tests, there are still cases
where the standby firewall will be able to determine that the active firewall
is down even when a duplicate IP address is present; however, this cannot be
guaranteed.


Workaround:
+----------

Connecting the LAN failover interfaces of the firewalls to switch ports may
minimize but not completely mitigate the chance that an otherwise active
firewall will lose connectivity to its LAN failover interface.

Preventing or correcting IP addresses that duplicate the firewall IP
addresses is a complete workaround for this issue.

The firewall will detect and log duplicate IP addresses with system log
message:

%PIX-4-405001: Received ARP response collision from <firewall IP address/mac address of device with duplicate IP address> on interface <firewall interface>.

Additional information about this syslog message is available at:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/syslog/logmsgs.htm#wp1282234

Additional information about configuring failover in PIX and ASA 7.0 is
available at:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/failover.htm

Additional information about configuring failover in FWSM 2.3 is
available at:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/failover.htm


The Release Note Enclosure for CSCsc47618 states:
+------------------------------------------------

Symptom:
+-------

An attacker who can spoof the IP address and MAC address of an active
firewall's interface may prevent failover from occurring.

Conditions:
+----------

When the active firewall loses power or crashes, the standby firewall's LAN
failover interface will lose connectivity with the active firewall. This
causes the standby firewall to ARP for the IP address of each active firewall
interface. The standby firewall will only accept the ARP response if the
source MAC address matches the active firewall's interface MAC address. An
attacker who can spoof the IP address and MAC address of the active
firewall's interface can lead the standby firewall to believe that the active
firewall is still reachable and prevent the standby firewall from taking over.

Workaround:
+----------

Configure port security on all switch ports configured to be in the same
VLANs as the active and standby firewalls' enabled interfaces. Port security
must not be enabled on the switch ports connected to the active and standby
firewalls' interfaces.

Port security will prevent an attacker from spoofing the active firewall's
interface MAC address, allowing failover to occur normally.

This configuration should be tested before being enabled in a production
environment.

For information on configuring port security refer to:

Catalyst 6500 Series Cisco IOS Software Configuration Guide
Configuring Port Security
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2c.html


Catalyst 6500 Series Software Configuration Guide
Configuring Port Security
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008022f27b.html

LAN Security
Configuration Guides
http://www.cisco.com/en/US/tech/tk389/tk814/tech_configuration_guides_list.html

For information about layer 2 attacks and mitigations refer to:

SAFE Layer 2 Security In-depth Version 2
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008014870f.shtml


Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco products,
obtaining assistance with security incidents, and registering to receive
security information from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt



Regards,
Randy

Randy Ivener
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
rivener@cisco.com
http://www.cisco.com/go/psirt


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ3kGnG4/EyDEWh8IEQKBhACbB6PVS/9UY3puPDYx5TZLxgkUp9IAoJem
ExnCz+YJioSK6OOENgSorGa5
=Or3I
-----END PGP SIGNATURE-----
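
Added example, not part of Cisco's message and not Cisco code: a Python filter that picks the %PIX-4-405001 collision messages quoted in the CSCsc34022 workaround out of a syslog stream and reports those involving an address of the active unit, the condition that can keep the standby from taking over. The address inventory, the sample log lines, the function names and the acceptance of an %ASA- prefix are assumptions of this example.

```python
import re
from collections import Counter

# Interface addresses of the active unit (constructed sample inventory).
ACTIVE_FIREWALL_IPS = {"192.0.2.1", "198.51.100.1"}

# Follows the message layout quoted in the advisory:
#   "... collision from <ip>/<mac> on interface <name>."
# Accepting an %ASA- prefix alongside %PIX- is an assumption of this example.
COLLISION_RE = re.compile(
    r"%(?:PIX|ASA)-4-405001: Received ARP response collision from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<mac>[0-9A-Fa-f.:-]+) "
    r"on interface (?P<iface>\S+?)\.?\s*$"
)

def norm_mac(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_failover_risks(lines, active_ips=ACTIVE_FIREWALL_IPS):
    """Aggregate collisions that involve an address the standby unit ARPs for."""
    hits = Counter()
    for line in lines:
        m = COLLISION_RE.search(line)
        if m is None or m["ip"] not in active_ips:
            continue  # unrelated message, or a collision on some other address
        hits[(m["ip"], norm_mac(m["mac"]), m["iface"])] += 1
    return [
        {"ip": ip, "mac": mac, "interface": iface, "count": n}
        for (ip, mac, iface), n in sorted(hits.items())
    ]

# Constructed sample syslog lines (timestamps, addresses and MACs are made up).
SAMPLE_LOG = [
    "Nov 14 2005 13:02:11: %PIX-4-405001: Received ARP response collision "
    "from 192.0.2.1/0050.56aa.bb01 on interface outside.",
    "Nov 14 2005 13:02:41: %PIX-4-405001: Received ARP response collision "
    "from 192.0.2.1/0050.56AA.BB01 on interface outside.",
    "Nov 14 2005 13:03:05: %PIX-4-405001: Received ARP response collision "
    "from 192.0.2.2/0050.56aa.bb02 on interface outside.",
    "Nov 14 2005 13:04:00: constructed unrelated line",
]

if __name__ == "__main__":
    for f in find_failover_risks(SAMPLE_LOG):
        print(f"{f['ip']} also answered by {f['mac']} on {f['interface']} "
              f"({f['count']} messages): failover ARP test may be misled")
```

Each finding names the MAC address of the device to locate and readdress, which is the complete workaround the release note describes.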

