[Full-Disclosure] [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx

From: Michael S. Scheidell (Scheidell@secnap.com)
Date: 12/02/02

• Next message: bugzilla@redhat.com: "[Full-Disclosure] [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability"
• Previous message: Richard van den Berg: "[Full-Disclosure] ShopFactory shopping cart price manipulation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Scheidell@secnap.com (Michael S. Scheidell)
Date: Mon, 2 Dec 2002 13:04:31 -0500

This is a multi-part message in MIME format.

------_=_NextPart_001_01C29A2D.4379BC14
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Information:
Name: 3com NBX IP phone system Denial of Service Attack
Systems: 3com NBX IP Phone Call manager, FW Versions through 4_1_4
Severity: Critical
Category: Denial of Service
Classification: Boundary Condition Error
Vendor URL: http://www.3com.com
Author: Michael S. Scheidell (scheidell@secnap.net)
Date: December 2nd, 2002
Notifications: (3com, WindRiver and CERT) Notified October 31st, 2002
Contact with 3com October 31st, November 1st, 5th, 6th, 15th and =
November 22nd
Contact with WindRiver: October 31st, November 6th, 22nd, and 24th. No =
response from WindRiver.

Discussion: (From 3com's and WindRiver's web site)

3Com=AE SuperStack=AE 3 NBX=AE and 3Com NBX 100 networked telephony =
solutions offer wide-ranging price/performance alternatives to fit your =
business needs today and tomorrow. 3Com=AE SuperStack=AE 3 NBX=AE =
Networked Telephony Solution Delivers robust, full-featured business =
communications for up to 1500 devices (lines/stations) Ensures high =
system availability with the Wind River VxWorks real-time operating =
system (also used in pacemakers and artificial hearts), so server and PC =
downtime does not impact your telephone service.

VxWorks and pSOSystem are the most widely adopted real-time operating =
systems (RTOSs) in the embedded industry -- for good reason. They are =
flexible, scalable, reliable, and available on all popular CPU =
platforms. They are also, by most measures, the fastest RTOSs available =
today.=20

Exploit:

It was possible to make the remote FTP server crash by issuing this =
command :
        CEL aaaa[...]aaaa where string is 2048 bytes long. This can be =
done with netcat,
        a windows client by telnetting to the nbx server on port 21 or =
by running the aix_ftpd.nasl test
        in nessus (www.nessus.org)

The 3com NBX uses VXWORKS Embedded Real time Operating system and what =
appears to be their own internal ftp server. This buffer overflow =
problem seems to be one similar to the AIX ftpd reported in CVE =
1999-0789 and bugtraq id 679.

By sending a specific string of data to the ftp server, an attacker can =
disable not only the ftp server, but the integrated web based =
administrative console and the call manager preventing diagnostics, =
control and all incoming, outgoing or internal calls. Any calls in =
progress cannot be disconnected, and in the case of long distance calls, =
could result in excessive long distance bills and extended loss of use =
of the phone system.

This condition is not recovered without a Hard reboot (power off/on). =
Since the 3com nbx is based on an embedded *nix operating system, and =
abrupt power off could cause loss of data, including corruption of voice =
mails in progress or logs.

A company who uses the VoIP features for remote locations, and who has =
the call manager located on the outside of their firewall, or has no =
firewall can have their voice communications disrupted easily. Even if =
the company has call manager located on internal network, people with =
internal network access can also disrupt communications.

We have tested 3com nbx firmware version 4_0_17 (with ftpd version 5.4) =
and nbx firmware version 4_1_4 (ftpd version 5.4.2) and this bug seems =
to be present in both systems.

Vendor Response:
3com confirmed problem and received a field patch, TSR(296292) from =
vxworks to address the problem. Neither WindRiver nor 3com has provided =
a test bed or access to a fixed system for us verify fix. 3com will be =
working to integrate this TSR into a future release of the nbx build but =
has no date yet for release. Also, since ftpd is only used for debugging =
and diagnostics, a future firmware will allow the administrator the =
ability to turn off ftpd if not used.

Please contact 3com for further information.

Solution:
There is no known fix. If you have information about a fix, please =
contact security@secnap.net

There appears to be on way to turn off the build in ftp server in this =
version of the software, no way to do ip address limits via tcp wrapper =
or acls, and if there is a build in firewall, there is no documented way =
to access it. The only way we know of to prevent a denial of service =
attack on the 3com nbx is to place it behind its own firewall. If call =
manager is placed on the Internet side of the firewall or in the DMZ, =
care should be taken to prohibit any access to ftp port (tcp port 21) =
This may be impossible on an internal network unless 3com nbx is itself =
placed behind a firewall, or on a separate VLAN or network segment.

Care should be taken in this approach, since some firewalls may =
interfere with the VoIP operations.
(see Firewall limits vex VoIP users =
http://www.nwfusion.com/news/2002/0625bleeding.html )

Credit:
This problem was originally found during a routine security audit by =
Michael Scheidell, SECNAP Network Security, www.secnap.net using the =
Nessus vulnerabilities scanner, www.nessus.org.

Additional Information:
A tcpdump/pcap packet of the sploit and ftpd/nbx response can be found =
at
http://www.secnap.net/private/nbx.pcap

A copy of this report can be found at =
http://www.secnap.net/security/nbx001.html
and at http://www.kb.cert.org/vuls/id/317417
If you have snort or ISS's trons IDS, a signature to detect this attack =
can be found at
http://www.snort.org/snort-db/sid.html?sid=3D337

To test your systems for this vulnerability, you can use Nessus at =
www.nessus.org. Either update your signatures, or download this nessus =
signature: vxworks_ftpd.nasl =
http://cgi.nessus.org/plugins/dump.php?id=3D11185

For a report on Security Risk Factors with IP Telephony based Networks =
see:
'http://www.sys-security.com/archive/papers/Security_Risk_Factors_with_IP=
_Telephony_based_Networks.pdf'

Also reference article "is VoIP vulnerable"? =
http://www.nwfusion.com/news/2002/0624voip.html=20

Copyright:
Above Copyright(c) 2002, SECNAP Network Security, LLC. World rights =
reserved.

This security report can be copied and redistributed electronically =
provided it is not edited and is quoted in its entirety without written =
consent of SECNAP Network Security, LLC. Additional information or =
permission may be obtained by contacting SECNAP Network Security at =
561-368-9561 or at www.secnap.com

--=20
Michael S. Scheidell
SECNAP Network Security www.secnap.com
scheidell@secnap.net / 1+561.368.9561, 1131

------_=_NextPart_001_01C29A2D.4379BC14
Content-Type: application/ms-tnef;
        name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IiQSAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAQQAAAFtWVSMzMTc0MTddIERlbmlh
bCBvZiBTZXJ2aWNlIGNvbmRpdGlvbiBpbiB2eHdvcmtzIGZ0cGQvM2NvbSBuYngACRYBBYADAA4A
AADSBwwAAgANAAQAHwABABgBASCAAwAOAAAA0gcMAAIADQAEAB8AAQAYAQEJgAEAIQAAADZCNTVD
QTUzNzBFMERGNDQ4RkREQUQ4N0U3QTk1ODY2AGUHAQOQBgBwFgAAMwAAAAsAAgABAAAAAwAmAAAA
AAALACsAAAAAAAIBMQABAAAAnwEAAFBDREZFQjA5AAEAAgCHAAAAAAAAADihuxAF5RAaobsIACsq
VsIAAEVNU01EQi5ETEwAAAAAAAAAABtV+iCqZhHNm8gAqgAvxFoMAAAAU0VDTkFQMgAvbz1TRUNO
QVAvb3U9Zmlyc3QgYWRtaW5pc3RyYXRpdmUgZ3JvdXAvY249UmVjaXBpZW50cy9jbj1TY2hlaWRl
bGwALgAAAAAAAADQI8GuH8OrR6Wh+gTHK7QxAQCzvK9CRqioSYOoDatQ/nJCAAAAABeUAABGAAAA
AAAAANAjwa4fw6tHpaH6BMcrtDEHALO8r0JGqKhJg6gNq1D+ckIAAAAAF5QAALO8r0JGqKhJg6gN
q1D+ckIAAAAA2PUAAC4AAAAAAAAA0CPBrh/Dq0elofoExyu0MQEAs7yvQkaoqEmDqA2rUP5yQgAA
AAFf3AAAEAAAAGtVylNw4N9Ej92th+epWGZBAAAAW1ZVIzMxNzQxN10gRGVuaWFsIG9mIFNlcnZp
Y2UgY29uZGl0aW9uIGluIHZ4d29ya3MgZnRwZC8zY29tIG5ieAAAAwA2AAAAAABAADkAFLx5Qy2a
wgEeAD0AAQAAAAEAAAAAAAAAAgFHAAEAAAAuAAAAYz11czthPSA7cD1TRUNOQVA7bD1TRUNOQVAy
LTAyMTIwMjE4MDQzMVotNTA2AAAAHgBwAAEAAABBAAAAW1ZVIzMxNzQxN10gRGVuaWFsIG9mIFNl
cnZpY2UgY29uZGl0aW9uIGluIHZ4d29ya3MgZnRwZC8zY29tIG5ieAAAAAACAXEAAQAAABYAAAAB
wpotRfgqBRD+tkhBOJqD7eGdDokEAAAeABoMAQAAABUAAABNaWNoYWVsIFMuIFNjaGVpZGVsbAAA
AAAeAB0OAQAAAEEAAABbVlUjMzE3NDE3XSBEZW5pYWwgb2YgU2VydmljZSBjb25kaXRpb24gaW4g
dnh3b3JrcyBmdHBkLzNjb20gbmJ4AAAAAAIBCRABAAAAxA4AAMAOAACYGgAATFpGddZyiB4DAAoA
cmNwZzEyNRYyAPgLYG4OEDAzM48B9wKkA+MCAHBycQ5QCGZjaArAc2V0MFYgBxMCgH0KgXYIkHfS
awuAZDQMYGMAUAsDUQu1IEluAhByAMB0mmkCIDoKogqATmEHgFA6ICAzBaBtB7BCQlgUIFAgcGgC
IGVAIHN5c3RlFfBEYwnwBzEgb2YGUhKAY+0WwEECQADQaxT0BrAXAtZzFZAVylAWk0MHQAMgCQOB
YWcEkCwgRlc8IFYEkACQAiAEICB0AmgDYHVnaCA0X0wxXxMAGORldgZxdPp5FZFDHgEN4AdAFPQa
4P0XEGcFsB4xF18e9QtgBBDnBpAesRSjIEIIYBLgCsA2eRrQAiBkHpECICBFenIDYHIU9BvwEuAF
sVUkUkwVkSBoAkBwOqgvL3clkC4Vwi4V0bkU9EF1HJAFsCTiTQ3gZRFQZQMgUy4GABFAZbZpAQAb
ASgE8CglQBGAkmMbUHAuFrB0KRT0fkQfYSTiH/AYQAbQBJAgbjIS4BugAdAwDlAVBG+3FKAhxhmR
KBXCG6BXEtFUUmkd4SAAcGQa0EU4UlQpB7AscwmAIE/IY3RvKzIzMRcAK6r/IvEYkQVAA/AckBW0
L5wsYLcd4CsjMCM1HJAboDY0Au4xM/EuUzMXMitxML8c8P8txxWQMj8rFDQ0NbIboC5iXDI0HJAn
4CxgIAlwc95wHEEWwANSLbguFPQqBZkEAGN1IZEiIihGO3I9FcInBCAuYi3HPnF3ZXZiFtAeEGUp
9TxYCzBz5mIPQAFAc2FBcRWwCFBNJkAnJ5AGAHVwBJBT+xiTQmIzFgJCUy5iQhIWA2tB0inBdwWw
ay9hFxBs9mUWgiLQcwbwJsAcMxfAzmYrQQPwAQAtcg8RC4BuZxZwBRAYQC9CwRRTbv8YQQdAFxAE
oBSRHeAEIC+wkztQHhAgeQhhIGI9UP8LgAeQBCAWsAmASiIioCLQ/y5iL7AEYCOhJbBCD0MfB7G1
RWZURfdTRpUf4WwuEk8EIANgSwEwQWZ1GwAtv0dAFJAIcC9hSwcV0W0igP8stjtQBbFN0EoyNJBB
4QEA2xgiBCAoUUBLQS8XACzUnS7gRQCAUsEEIGhpHOHZFuVhdgtwC2BiAxAeET8xhByQFsAtwgfw
LhNWeP5XRYFRkVKQUmAUoAeAF7DvTeEUkUghFuUoB0BGgFTAvxGALoALgBZwANAXIGFFoP9RgS5i
CsAsgxeCKCBeYVbgnxugXMERgBgQLjVQQ1Vw30zwAjBbQiRwB5FuLHBdMP5tXXFKlUXmFsEYBDxA
VhKPCvUkA1p1LmJwU08ZNL9eURbAWXIEYBcAR3NsTDH/JHAFMC9hWu9b91XhLsBlkG9W4V1BWXIr
EmQBAF0iZPNR4SLBLS1Ugx+QBHBnwvVGgG4n4FQoIEwxZiEO8OhleGkCYGVfgR7BAaD/bdIJcFFA
blReI1hkRgAXsDcDoBryOwBwUkAKwUNQ3lUWcAtgADAUYXNsyVyi/RugYiLQZpMHgCGAV0IboP1Z
cmYhgBcQZrFpo2+JS/PTJ+A8WkV4C1BvHhAU5f0U9EkxcSGAcJEhkXWkGyG/RaBZYwlwBGAXEBuw
VBZgv1/VBQAhgBzwcwEEAXVIEv8ckAQAU5MuYhTlJPF9gy6gpkwuUH5BWy5+kF1+Qn8xgCggZiFr
UUgSfGEB0DT2OHLxdJEgCQAPICfgbNH/fGIDkSswYKEWsTGTKcEh4f4sfSx/ARLRTPBTgVFACfB/
BUBzAUXhKcFb00pBWXJufGJ4X8YjYTsAACArYDH3F7BK4SLQciKAAwB8E0QRyGl4XwGAcGQpsCGA
/wMgdJJ9LF1BS0I9UCiQJZL1iwQuBbBnQCts4RW4XPGBBCBWWFdPUksF8LpFapZSZ+EcgGgyT1ue
7y5ifyAUkC5QcE3gEWFKMvuB0VlxaYbhYNBdMUmTAyD/iRFfxWzCfGFLAEczMyFI0P8JAAfgEOAv
wEYAFfARgGlSP5IkFqMHcFiBYnGF9EFJHxYwiRI6wYcyXRRDVkUFM5A5mdAtMDc4OcsuU0sAZ2tg
YXFdMC6A6DY3OTxLQkZhJFFIEv9/ADrwBZAhsn92F8EioAGQ/4XWk7g54i5QGIN7AgORIyD/QbBv
8mGSAiBnIZ7eSwAFQL9ZcpMiCcAfYZExP7FiIYD/L2FnUJdgAwBrUUnTU5EAgP8G8EQUWXIewRsX
SEEd0WDh/0ghIyAbYGGQFwAN4HPxpaH/a2AG8F4UGwELgBXRSBEboP0IYHQfkJ3jBcCTJ6aiceH/
EcBGUavjXTMDYAnBU3IAcP9hkoHSPSECIBawL6AJgDnk/2oVHsA7MRfBgNKgwgGQSTL/q+Oo0lJA
Z7JXMEmAXTJtkP9VwQCQpXGwfFixrNEuYm2Q/xcQEuAvYQkABBEXwVzxF7L/WXIWijxLgUQjB3xh
YZIJcL8FoB3ho+IxoaqRg+FICxH3OsEG4GGhKDsAP6CG4QEg6i8CICmBEVOp8WY0FcO/hlKUkqRj
cDKyoWqWKgMA94ZwW45vNWKIEAUxu6extf8ewLXytXaeUhugqfEKQJyz7wWhwSIjUhfBdndQGEEA
wG8DEKzsBbEJAGdx4DxaQX9TkgqwRlF/IFzTSiFZgVb+bxZRUoVUdHoVCQAsxTnk/8iSEVDJBKar
yvO+NFlyqpH/AJABALYlkrEhwAlweIAbAP+qcQXAzCJhkM9ngYMRUKVx/5KExTRTraDRwSIvYWxx
AxD/diEjgKehXTC2RMgWzCLMr//NtZMnRUUboE3gW4BwATGT+9e+LlBjsuKBg1yj04VTnf08S1cW
wNGEdKEvYb1Hz3G+bXiAZiFRYiNSHRAwHSAeN4thMaKYc9/mNS40fy7gLmLfH+AkHTEokOE+Lv4y
4jR8Q5qhljuncZyBsnP/BuAxsWkVPEskRY9gOvQU5f8Vw6Wh4tIvYZXGLmK5kSgw/x3gXkFKYSeg
ZVEUkBFAG6CAVFNSKDI5Nu4wc+VhO2N2eEVySiNnUGT/rXO2Y5XUgREHwDGhK0EtyP9hkC/xFdLM
IpXBEoBq0p6Bv3SiaqGHotql74JKYXgvYe8W5VSTBCAd4mYi0PUxgRH/FcMD8BsBgdFFcoWlo2d8
NP/t8ZMS9PMmwFLBbqJscbYX/4ZSSwADEFLyBUDQRZ5RFsDeeRGQyjX68yfgQXKzSyH/GEGYc3xh
oZNc81SSDtCaof9IAy5iqCv6R+LX95Ma8ZWR/4iTpMjpoYiTWLWF4ghwxOK/F9D/NBfQYZJc8jxL
UPr0/6jyMVIVw1SSUjBecPFS/uB/FFc8S1CWFOVs4WYhuSMg7mthkJLx9uRJF9BKsdF0/wqJwPG6
dPUx2LEInClRBjD/HhEpSYx9cnKRuyNheIAF3P9ZcvwEXUGfGGoEfGHf5rY1/0aAnxDfkhug0IEV
FSRwXTD/VODvtlFAl2BfUMUgbuCPoPpjVOB3R9CRsYbh9FKxgv+vQ7ZDDSR/ABZYz4cdl/zi/csA
dY/QkzGRMRUk2qUSAP+BE3ASZyEVEj+gDaO2Izqw/6d1g+EoUIhAj4GeIWM1n/X/zea9SiOScOBJ
QUqBKzBXkP+vUhthDdTPlA5Epqt8YSdT/c3XSZMz/XHOmdCoqyNZY/hETVqo0WYSe2DCI5JS913B
aiEjom9XkFiwupFQYff0eJ8ShzMoG9KHNeIwgUP/xZBrgIHRYdF41r5k2Z/S0P9GANrhvUobUe1A
wfAqtSflP+0Cz5kPwl/BZBH5IlZM3EFOh6LaJhJAZyByB7v+Qy5/1NIXpZGh8xDaoO3B//7URoCP
0c92MvSTI0dBgjX3ySdbhdzYKJZBenDQxhsmL7LAyVRc8VGBaIWAcDq0Ly+Lg3dSMOASLo2BFi+2
0IRgL4AgMDIvujDuUDWhEb7wW+EuRQD2balQjGtDUtF3Z4FDlcb/eILpoFeg/uBwYfbBunABQv8R
4ZzT8xBQwWMDEdRgMMPx/YTjTQHw1fDtQLyQ7bDPMINnAc/hU0VDTkF6oPvxENpEUxHF7dCLghJI
XOH3iFbxEIsjdrJQttAcIAWD/4SwXgBuEa6xn6GLjMcsasD/uMOPgSuQD1cMhcfwG9FrMPlh4C9w
biAxcaAyoXEYpf93M2AziRJGcIZhrXHqA4GG/0uk0xB9JEUJEkhYkBHwb6DbkNBawi5Yosc+cGuA
tjP/fGGYxFueRPpdqRG2WsJG4J4xR+N9JMDDYltrYkYwd6uAIdCMMS9S8Uaw80AvujPgoDTgoHf1
Dolz8jHDoXHpsElTUycxAfMQ8dNRSURTAiJ48KhQydP/GgOCsK7RPaUllFuvXL5pYuNnA2lTLWRi
Y8DzQEfj4j/OkT0zM2gljNWX0f90og6h6bDoJfXzF8RTCVDB/w6igZK18lKFkXFUjdSR8TT/2+D9
FHKTayYCEQBikuHC0O8aoHw0iwVrFzru9okJRQX+YwDgi7lYkAwgAOFGsFhSUV8AaHA/cOExfyA4
+jUHykb0QmD2D8FQVo9Q+7PA2oBGCTHpoLSA4OPJgf5U+uG2ojMxpGNP1VPRllDtDIUnYnqQsC0R
tkYzl5Bf7bDx4ViQEoDf8S9QVl9VgcJfghVf4OJfyYBfNYMXX6RTX4QWXwBkZv4nxzvbYvrQQIK0
ApeQAeE9NAEiuFHJY1L2NcAiP/dE/0YPRxI00jESkEfzO3t/YEFLAY9AV5a7QKVxkwcoHmPiMEbS
T09QWExMQ/33EVfpoLHyk1Jg4hcjB6z/uDNNF2EMYDHtMOzh7EOwwv8R8Pxh0/I1wK7galHS8Uti
P/MHJ7G5JUkym6W4UXF1/8qxr2MbUqey+tAFwbo2HBD/EgC1AaWT52LDIZWflqxWOf8POumhv7Gq
MLMBD8EzFevQ/wkgTNH8QayBCQTAAqMfTTYBupA1NjEtMzY4/C05quH0M3YUEkXq0QfK/C0tkjVO
NryQ9xBOtwul/6lPTUSsH4URU/BO1RI59yBQLyAxK6rhLqshLl+rYu3QfyBn0AfKfYUgAAG2cB4A
NRABAAAAPAAAADxCM0JDQUY0MjQ2QThBODQ5ODNBODBEQUI1MEZFNzI0MjAxQjI2QUBzZWNuYXAy
LnNlY25hcC5jb20+AAMAgBD/////CwDyEAEAAAAfAPMQAQAAAI4AAABbAFYAVQAlADIAMwAzADEA
NwA0ADEANwBdACAARABlAG4AaQBhAGwAIABvAGYAIABTAGUAcgB2AGkAYwBlACAAYwBvAG4AZABp
AHQAaQBvAG4AIABpAG4AIAB2AHgAdwBvAHIAawBzACAAZgB0AHAAZAD/+DMAYwBvAG0AIABuAGIA
eAAuAEUATQBMAAAAAAALAPYQAAAAAEAABzAGlXJDLZrCAUAACDDkzoxDLZrCAQMA3j+vbwAAAwDx
PwkEAAAeAPg/AQAAABUAAABNaWNoYWVsIFMuIFNjaGVpZGVsbAAAAAACAfk/AQAAAF8AAAAAAAAA
3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089U0VDTkFQL09VPUZJUlNUIEFETUlOSVNUUkFUSVZF
IEdST1VQL0NOPVJFQ0lQSUVOVFMvQ049U0NIRUlERUxMAAAeAPo/AQAAABUAAABTeXN0ZW0gQWRt
aW5pc3RyYXRvcgAAAAACAfs/AQAAAB4AAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAALgAA
AAMA/T/kBAAAAwAZQAAAAAADABpAAAAAAB4AMEABAAAACgAAAFNDSEVJREVMTAAAAB4AMUABAAAA
CgAAAFNDSEVJREVMTAAAAB4AOEABAAAACgAAAFNDSEVJREVMTAAAAB4AOUABAAAAAgAAAC4AAAAD
AAlZAwAAAAsAZoEIIAYAAAAAAMAAAAAAAABGAAAAAA6FAAAAAAAAAwB+gQggBgAAAAAAwAAAAAAA
AEYAAAAAUoUAAD9xAQAeAH+BCCAGAAAAAADAAAAAAAAARgAAAABUhQAAAQAAAAQAAAA5LjAAAwDC
gQggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALAMeBCCAGAAAAAADAAAAAAAAARgAAAAADhQAA
AAAAAAMAzIEIIAYAAAAAAMAAAAAAAABGAAAAABGFAAAAAAAAAwDRgQggBgAAAAAAwAAAAAAAAEYA
AAAAEIUAAAAAAAADANiBCCAGAAAAAADAAAAAAAAARgAAAAAYhQAAAAAAAAsA8oEIIAYAAAAAAMAA
AAAAAABGAAAAAAaFAAAAAAAACwApAAEAAAALACMAAQAAAAMABhDRq2LFAwAHEBUUAAADABAQAAAA
AAMAERAAAAAAHgAIEAEAAABlAAAASU5GT1JNQVRJT046TkFNRTozQ09NTkJYSVBQSE9ORVNZU1RF
TURFTklBTE9GU0VSVklDRUFUVEFDS1NZU1RFTVM6M0NPTU5CWElQUEhPTkVDQUxMTUFOQUdFUixG
V1ZFUlNJTwAAAAACAX8AAQAAADwAAAA8QjNCQ0FGNDI0NkE4QTg0OTgzQTgwREFCNTBGRTcyNDIw
MUIyNkFAc2VjbmFwMi5zZWNuYXAuY29tPgCt2A==

------_=_NextPart_001_01C29A2D.4379BC14--

---

• Next message: bugzilla@redhat.com: "[Full-Disclosure] [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability"
• Previous message: Richard van den Berg: "[Full-Disclosure] ShopFactory shopping cart price manipulation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)