[41750] in bugtraq

Re: Unauthenticated EIGRP DoS

daemon@ATHENA.MIT.EDU (Paul Oxman (poxman))
Tue Dec 20 15:18:10 2005

Date: Tue, 20 Dec 2005 08:39:44 +0800
Message-ID: <BFD4D243999BA5458F6A8AC2CB357505A56B05@xmb-hkg-416.apac.cisco.com>
From: "Paul Oxman (poxman)" <poxman@cisco.com>
To: <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>,
        <info@arhont.com>
Cc: "psirt (mailer list)" <psirt@cisco.com>

Cisco Response
==============

This is Cisco PSIRT's response to the statements made by Arhont Ltd.
Information Security in their messages:

    * Unauthenticated EIGRP DoS.
    * Authenticated EIGRP DoS / Information leak.

posted on the 2005 December 19th 17:00 UTC (GMT).

The original emails are available at:

    * Unauthenticated EIGRP DoS:
      http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html
    * Authenticated EIGRP DoS / Information leak:
      http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html

Attached is a cleartext, PGP signed version of this same email.

Cisco confirms the statements made.

These issues are being tracked by two Cisco Bug IDs:

 CSCsc13698 -- directed DoS attack employing the EIGRP "Goodbye Message"
 CSCsc13724 -- Authenticated EIGRP DoS attack/Information Leakage

We would like to thank Arhont Ltd. Information Security, especially
Konstantin V. Gavrilenko and Andrew A. Vladimirov, for reporting these
issues to us.

We greatly appreciate the opportunity to work with researchers on security
vulnerabilities, and welcome the opportunity to review and assist in
product reports.

Additional Information
======================

Posting: Unauthenticated EIGRP DoS
+---------------------------------

Original Posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html

Cisco confirms the reports made by Arhont Ltd.

Within this article two separate vulnerabilities are raised:

a) EIGRP ARP DoS attacks
   Reference is drawn to "http://www.securityfocus.com/bid/6443", which
   discusses EIGRP ARP DoS attacks. This topic has been previously
   addressed by Cisco. Please refer to:
   http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html

   This is documented in Cisco Bug ID: "CSCsc15285 -- EIGRP ARP DoS"
   No additional information is available at this time.

b) Directed DoS attack employing the EIGRP "Goodbye Message"
   The EIGRP implementation in all versions of IOS is vulnerable to a
   denial of service on selective neighbors if it receives a spoofed
   neighbor announcement with either mismatched "k" values or a "Goodbye
   Message" TLV.

   Forged packets can be injected into a network from a location outside
   its boundary so that they are trusted as authentic by the receiving
   host, thus resulting in a failure of integrity. Such packets could
   result in routing neighbor relationships being torn down and reformed.

   Repeated exploitation could result in a sustained DoS attack. From a
   position within the network where it is possible to receive the return
   traffic or create neighbor establishments (but not necessarily in a
   position that is directly in the traffic path), a greater range of
   violations is possible. For example, the contents of a message could
   be diverted, modified, and then returned to the traffic flow again,
   causing a failure of integrity and a possible failure of
   confidentiality.

   EIGRP can operate in two modes: Unicast Hellos and Multicast Hellos.

   In IOS versions 12.0(7)T and later, unicast hellos will be rejected
   unless explicitly configured in the neighbor statements. Once static
   neighbors are configured, IOS will only accept hello packets from
   defined neighbors.

   Cisco is tracking this report as part of:
   CSCsc13698 -- directed DoS attack employing the EIGRP "Goodbye Message"

   Cisco recommends protecting against forged-source neighbor packets by
   using MD5 authentication and/or infrastructure protection schemes.

   Within the workarounds section the following will apply:

    * Static configured EIGRP neighbors (IOS versions 12.0(7)T and later)
    * Blocking access to the core infrastructure
    * Configure anti-spoofing measures on the network edge
    * 802.1x based port security
    * MD5 Neighbor Authentication

Posting: Authenticated EIGRP DoS/Information leak
+------------------------------------------------

Original Posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html

Cisco confirms the reports made by Arhont Ltd.

From a position within an EIGRP authenticated AS where it is possible to
receive/listen to EIGRP Hello Updates, it is possible, with replay attacks,
to forge illegitimate hello packets in an authenticated AS. This can result
in additional information about the EIGRP domain being collected from the
triggered UPDATE packets by the malicious device. This could also result in
similar DoS attacks being carried out as per "CSCsc15285 -- EIGRP ARP DoS",
however within an authenticated AS.

Cisco recommends proper securing of the IGP routers. Mechanisms such as port
security or 802.1x may be used to ensure only valid routing devices are
connected to the common segments.

Cisco is tracking this report as part of:
CSCsc13724 -- Authenticated EIGRP DoS attack/Information Leakage

Within the workarounds section the following will apply:
* Blocking access to the core infrastructure
* 802.1x based port security

Workarounds
===========

Ensuring that the infrastructure devices are protected, by both local and
remote access means, will help mitigate these vulnerabilities.

Blocking access to the core infrastructure
+-----------------------------------------
Although it is often difficult to block traffic transiting your network, it
is possible to identify traffic which should never be allowed to target your
infrastructure devices and block that traffic at the border of your network.

Infrastructure access control lists (ACLs) are considered a network security
best practice and should be considered as a long-term addition to good
network security as well as a workaround for this specific vulnerability.

The white paper entitled
"Protecting Your Core: Infrastructure Protection Access Control Lists",
available at http://www.cisco.com/warp/public/707/iacl.html, presents
guidelines and recommended deployment techniques for infrastructure
protection ACLs. Exceptions would include any devices which have a legitimate
reason to access your infrastructure (for example, BGP peers, NTP sources,
DNS servers, and so on). All other traffic must be able to traverse your
network without terminating on any of your devices.

Configure anti-spoofing measures on the network edge
+---------------------------------------------------
In order for an adversary to use the attack vector described in this advisory,
it must send packets with the source IP address equal to one of the IP
addresses in the subnet of the EIGRP neighbors. You can block spoofed packets
either using the Unicast Reverse Path Forwarding (uRPF) feature or by using
access control lists (ACLs).

By enabling uRPF, all spoofed packets will be dropped at the first device.
To enable uRPF, use the following commands:

 ! uRPF is enabled per interface; <interface> is a placeholder
 router(config)#ip cef
 router(config)#interface <interface>
 router(config-if)#ip verify unicast reverse-path

The configuration guide, available at:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00804b046b.html
presents guidelines on how uRPF works and how to configure it in various
scenarios. This is especially important if you are using asymmetric routing.

ACLs should also be deployed as close to the edge as possible. Unlike uRPF,
you must specify the exact IP range that is permitted. Specifying which
addresses should be blocked is not the optimal solution because it tends to
be harder to maintain.

Caution: In order for anti-spoofing measures to be effective, they must be
         deployed at least one hop away from the devices which are being
         protected. Ideally, they will be deployed at the network edge facing
         your customers.

802.1x based port security
+-------------------------
To prevent unauthorized local access to the routing subnets that the EIGRP
neighbor relationships exist on, deploying 802.1x on the router and switches
(in 802.1x mutual authentication) would help mitigate any local attacks.

For further information on how to configure 802.1x and products supported
refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xa/gt_802_1.htm#wp1166017

Static defined peers
+-------------------
If neighbors are explicitly configured post integration of CSCdm81710
(IOS versions 12.0(7)T or later), this acts as a workaround for these
vulnerabilities. Pre CSCdm81710, explicit neighbors are still subject to
DoS attacks of this nature.

Example post CSCdm81710:

 router eigrp 1
 network 192.168.1.0
 network 192.168.66.0
 neighbor 192.168.66.2 FastEthernet0/0
 neighbor 192.168.66.1 FastEthernet0/0
 no auto-summary

For further information on Static defined EIGRP neighbors refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/123tip2r/ip2_n1gt.htm#wp1110498

MD5 Neighbor Authentication
+--------------------------
Enabling MD5 will mitigate remote malicious tear down of neighbors by the
methods described within this document.

For further information on MD5 EIGRP Neighbor Authentication refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/123tip2r/ip2_i1gt.htm#wp1106697
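
The static-neighbor and MD5 workarounds above can be checked against a saved
router configuration. The following Python audit is an added example, not part
of Cisco's response: it flags EIGRP-enabled interfaces that lack a static
neighbor statement or MD5 neighbor authentication. The function names, sample
configuration, key chain name and key string are constructed for illustration;
the "key chain" and "ip authentication" lines are the standard IOS commands for
EIGRP MD5 authentication, which the response itself does not show.

```python
import ipaddress
import re

# Constructed sample running-config (not from the advisory). FastEthernet0/0
# carries both workarounds; FastEthernet0/1 runs EIGRP with neither.
SAMPLE_CONFIG = """\
key chain EIGRP-KEYS
 key 1
  key-string EXAMPLE-ONLY-SECRET
interface FastEthernet0/0
 ip address 192.168.66.1 255.255.255.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEYS
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 network 192.168.1.0
 network 192.168.66.0
 neighbor 192.168.66.2 FastEthernet0/0
"""

def parse_blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            current = blocks.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return blocks

def eigrp_network(addr, wildcard=None):
    """Range covered by a 'network' statement (classful when no wildcard)."""
    if wildcard:
        prefix = 32 - bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    else:
        first = int(addr.split(".")[0])
        prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit_eigrp(config):
    """Sorted (interface, AS, finding) tuples for unprotected EIGRP interfaces."""
    blocks = parse_blocks(config)
    key_chains = {h.split()[2] for h in blocks if h.startswith("key chain ")}
    findings = []
    for header, lines in blocks.items():
        match = re.fullmatch(r"router eigrp (\d+)", header)
        if not match:
            continue
        asn = match.group(1)
        nets = [eigrp_network(*l.split()[1:3]) for l in lines
                if l.startswith("network ")]
        static = {l.split()[2] for l in lines
                  if l.startswith("neighbor ") and len(l.split()) > 2}
        for ihdr, ilines in blocks.items():
            if not ihdr.startswith("interface "):
                continue
            name = ihdr.split()[1]
            addrs = [ipaddress.ip_address(m.group(1)) for m in
                     (re.match(r"ip address (\d+(?:\.\d+){3}) ", l) for l in ilines) if m]
            if not any(a in n for a in addrs for n in nets):
                continue  # EIGRP is not enabled on this interface
            if name not in static:
                findings.append((name, asn, "no static neighbors"))
            chains = [l.split()[-1] for l in ilines if l.startswith(
                f"ip authentication key-chain eigrp {asn} ")]
            if (f"ip authentication mode eigrp {asn} md5" not in ilines
                    or not any(c in key_chains for c in chains)):
                findings.append((name, asn, "no MD5 authentication"))
    return sorted(findings)
```

Running audit_eigrp(SAMPLE_CONFIG) reports both findings for FastEthernet0/1
and none for FastEthernet0/0. A key chain that is referenced on an interface
but never defined is also reported as missing MD5 authentication.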

Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's worldwide
website at:
"http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html"

This includes instructions for press inquiries regarding Cisco security
responses. All Cisco security advisories are available at
http://www.cisco.com/go/psirt