ESB-2017.2719 - [Appliance][Virtual] F5 BIG-IP products: Execute arbitrary code/commands - Remote/unauthenticated 2017-10-27

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2719
         K02692210: BIG-IP virtual server with HTTP Explicit Proxy
                 and/or SOCKS vulnerability CVE-2017-6157
                              27 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 BIG-IP products
Publisher:         F5 Networks
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6157  

Original Bulletin: 
   https://support.f5.com/csp/article/K02692210

- --------------------------BEGIN INCLUDED TEXT--------------------

K02692210: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS
vulnerability CVE-2017-6157

Security Advisory

Original Publication Date: Oct 27, 2017

Applies to (see versions):

  o Product: BIG-IQ, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC,
    BIG-IQ Centralized Management
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM,
    BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link
    Controller, BIG-IP LTM, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o Product: Enterprise Manager
      - 3.1.1
  o Product: F5 iWorkflow
      - 2.3.0, 2.2.0, 2.1.0, 2.0.2, 2.0.1, 2.0.0
  o Product: LineRate
      - 2.6.1, 2.6.0, 2.5.2, 2.5.1, 2.5.0
  o Product: ARX, ARX
      - 6.4.0, 6.3.0, 6.2.0
  o Product: F5 WebSafe
      - 1.0.0
  o Product: Traffix SDC
      - 5.1.0, 4.4.0, 4.0.5, 4.0.2, 4.0.0
  o Product: BIG-IQ Cloud and Orchestration
      - 1.0.0

Security Advisory Description

BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy
functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote
attack that allows modification of BIG-IP system configuration, extraction of
sensitive system files, and/or possible remote command execution on the BIG-IP
system. (CVE-2017-6157)

Note: This vulnerability covers the scenarios that were not addressed in
K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS
vulnerability CVE-2016-5700.

F5 Technical Support has no additional information about this issue.

Impact

When this vulnerability is successfully exploited, a remote attacker may be
able to modify the system configuration or extract sensitive system files.

Security Advisory Status

F5 Product Development has assigned ID 614097 and 614147 (BIG-IP) to this
vulnerability.

To determine if your release is known to be vulnerable, the components or
features that are affected by the vulnerability, and for information about
releases or hotfixes that address the vulnerability, refer to the following
table:

+--------------+-----------+-------------+----------+-------------------------+
|              |Versions   |Versions     |          |                         |
|Product       |known to be|known to be  |Severity  |Vulnerable component or  |
|              |vulnerable |not          |          |feature                  |
|              |           |vulnerable   |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP LTM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP AAM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP AFM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |           |13.0.0       |          |                         |
|              |           |12.0.0 -     |          |                         |
|BIG-IP        |None       |12.1.2       |Not       |None                     |
|Analytics     |           |11.4.1 -     |vulnerable|                         |
|              |           |11.6.2       |          |                         |
|              |           |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP APM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP ASM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |           |13.0.0       |Not       |                         |
|BIG-IP DNS    |None       |12.0.0 -     |vulnerable|None                     |
|              |           |12.1.2       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IP Edge   |None       |11.2.1       |Not       |None                     |
|Gateway       |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |           |11.4.1 -     |Not       |                         |
|BIG-IP GTM    |None       |11.6.2       |vulnerable|None                     |
|              |           |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP Link   |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|Controller    |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |11.2.1       |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |                         |
|              |12.1.1     |12.1.2       |          |Virtual server with HTTP |
|BIG-IP PEM    |11.6.0 -   |11.6.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.1     |11.5.5       |          |SOCKS profile enabled    |
|              |11.5.0 -   |11.4.1       |          |                         |
|              |11.5.4     |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IP PSM    |None       |11.4.1       |Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IP        |None       |11.2.1       |Not       |None                     |
|WebAccelerator|           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|              |12.0.0 -   |13.0.0       |          |Virtual server with HTTP |
|BIG-IP WebSafe|12.1.1     |12.1.2       |Medium    |Explicit Proxy and/or a  |
|              |11.6.0 -   |11.6.2       |          |SOCKS profile enabled    |
|              |11.6.1     |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|ARX           |None       |6.2.0 - 6.4.0|Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|Enterprise    |None       |3.1.1        |Not       |None                     |
|Manager       |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ Cloud  |None       |4.0.0 - 4.5.0|Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ Device |None       |4.2.0 - 4.5.0|Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ        |None       |4.0.0 - 4.5.0|Not       |None                     |
|Security      |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ ADC    |None       |4.5.0        |Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ        |           |5.0.0 - 5.3.0|Not       |                         |
|Centralized   |None       |4.6.0        |vulnerable|None                     |
|Management    |           |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|BIG-IQ Cloud  |           |             |Not       |                         |
|and           |None       |1.0.0        |vulnerable|None                     |
|Orchestration |           |             |          |                         |
+--------------+-----------+-------------+----------+-------------------------+
|F5 iWorkflow  |None       |2.0.0 - 2.3.0|Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|LineRate      |None       |2.5.0 - 2.6.1|Not       |None                     |
|              |           |             |vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+
|Traffix SDC   |None       |5.0.0 - 5.1.0|Not       |None                     |
|              |           |4.0.0 - 4.4.0|vulnerable|                         |
+--------------+-----------+-------------+----------+-------------------------+

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Versions known to be not vulnerable column. If the table lists only an
older version than what you are currently running, or does not list a
non-vulnerable version, then no upgrade candidate currently exists.

Only virtual servers with configurations using the HTTP Explicit Proxy
functionality and/or SOCKS profile are vulnerable. The HTTP Explicit Proxy
functionality is enabled when an HTTP profile associated with a virtual server
has the Proxy Mode setting configured with the Explicit value. In the following
HTTP profile configuration snippet example, an HTTP profile is configured with
the Explicit Proxy functionality:

ltm profile http /Common/My_HTTP_explicit_profile {
    app-service none
    defaults-from /Common/http-explicit
    explicit-proxy {
        default-connect-handling allow
        dns-resolver /Common/My_DNS_resolver
    }
    proxy-type explicit
}

The following profile configuration snippet example shows a typical SOCKS
profile:

ltm profile socks My_SOCKS_profile {
    app-service none
    defaults-from socks
    dns-resolver My_DNS_resolver
}

To determine if your BIG-IP system has a virtual server configuration using the
HTTP Explicit Proxy functionality and/or SOCKS profile, perform the following
procedures:

  o Determining the HTTP profiles configured with the Explicit Proxy
    functionality
  o Determining the SOCKS profiles configured on the system
  o Determining the virtual servers that are enabled with the HTTP Explicit
    Proxy functionality and/or SOCKS profile

Determining the HTTP profiles configured with the Explicit Proxy functionality

Impact of action: Performing the following procedure should not have a negative
impact on your system.

 1. Log in to the TMOS Shell (tmsh) by typing the following command:

    tmsh

 2. List the HTTP profiles that are configured with the Explicit Proxy
    functionality by typing the following command:

    list ltm profile http proxy-type | grep -B 1 explicit

 3. Note the names of the HTTP profiles. You will use the noted profile names
    to determine which virtual server is enabled with the HTTP Explicit Proxy
    functionality in the final procedure.

Determining the SOCKS profiles configured on the system

Impact of action: Performing the following procedure should not have a negative
impact on your system.

 1. Log in to tmsh by typing the following command:

    tmsh

 2. List the SOCKS profile configured on your BIG-IP system by typing the
    following command:

    list ltm profile socks

 3. Note the names of the configured SOCKS profiles. You will use the profile
    names to determine which virtual server is enabled with the SOCKS profile
    in the final procedure.

Determining the virtual servers that are enabled with the HTTP Explicit Proxy
functionality and/or SOCKS profile

Impact of action: Performing the following procedure should not have a negative
impact on your system.

 1. Log in to tmsh by typing the following command:

    tmsh

 2. Using the profile names obtained from the previous procedures, determine
    the virtual servers that are enabled with the HTTP Explicit Proxy
    functionality and/or SOCKS profile by using the following command syntax:

    list ltm virtual all profiles | grep -B 2 <profile name>

    For example, you would type the following command to determine which
    virtual server is using the My_HTTP_explicit_profile profile:

    list ltm virtual all profiles | grep -B 2 My_HTTP_explicit_profile

 3. Repeat step 2 for the remaining profile names obtained from previous
    procedures.

Mitigation

None

Supplemental Information

  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K167: Downloading software and firmware from F5
  o K13123: Managing BIG-IP product hotfixes (11.x - 13.x)
  o K9502: BIG-IP hotfix matrix

Applies to (see versions):

  o ARX:
      - 6.4.0, 6.3.0, 6.2.0
  o BIG-IP AAM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP AFM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP APM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP ASM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP Analytics:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP DNS:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP Edge Gateway:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP GTM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP LTM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP Link Controller:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP PEM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP PSM:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IP WebAccelerator:
      - 13.0.0, 12.1.2, 12.1.1, 12.1.0, 12.0.0, 11.6.2, 11.6.1, 11.6.0, 11.5.5,
        11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.2.1
  o BIG-IQ ADC:
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o BIG-IQ Centralized Management:
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o BIG-IQ Cloud:
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o BIG-IQ Cloud and Orchestration:
      - 1.0.0
  o BIG-IQ Device:
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o BIG-IQ Security:
      - 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0,
        4.0.0
  o Enterprise Manager:
      - 3.1.1
  o F5 WebSafe:
      - 1.0.0
  o F5 iWorkflow:
      - 2.0.0, 2.1.0, 2.0.1, 2.2.0, 2.0.2, 2.3.0
  o LineRate:
      - 2.6.0, 2.5.1, 2.6.1, 2.5.2, 2.5.0
  o Traffix SDC:
      - 4.0.2, 5.1.0, 4.0.0, 4.4.0, 4.0.5

(C) Copyright 2017 by F5 Networks, Inc. | Policies | Trademarks rev:1.0.907.4131

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWfKZTYx+lLeg9Ub1AQgDpw//VXHw5UNnNOIJiJ1C3qzPlHhADVNU6m5A
KQMyr3Spj0n/mT0GSldRNMbDCucUFyqhcCl9Q+LNB08DOlJNIEruqIvoiQ9bL93F
TKpzUWbDlnKm+9c45hTGEwVpVk8sWCYBg4K9YnDWClpotccCBY6bOrxCfPssfep/
Jwts5+Lu1ExCkmc6vFcXAeNdvZxUCx9+zMmuUMqDxuNhZX5VVMlsbP6EegxbUwHj
TvFxX6GS42KT0Vx2SK7Yy+NaveYPDIVZXXHIMnvHHUEF5EBwM5F3BYopmXk/fZzt
Fji3BIqAcPD5KOuJ/ahYYWWbJW90HxtL/M5rIU4X5CovZo/LUYNaBLvyX0Bbpn++
3c+arWb+aRT6DdgNnm1eru2UtCUhgn3QLyTRTuug+cpyV9KbrUscVb3aVjrmVy7s
kF6eJEi/rA8J1xasnxyaTsAWg4grsxTAHWES5tVIYPUm4nPy/CpKLU16gfvSaLMW
9HQaEaxRQKiJYr7GDKI2sPbwBfL4Np01rdwlXuDb8yyXrVwYPf40zxtyirD/bMuu
1y2aZfzyOAtBTMjqNBBx15v8c1zGEyVWrbD2wl+ZAF18eOvcZaCagivjOzSh4UiM
lqrar6IKDiuaM9ruMUfKwF1O4liZ5r3FQVeiQ5D4PP9UNQ7OMyLUZPslqKkJNDbN
bNo50MiglIY=
=2+W7
-----END PGP SIGNATURE-----

« Back to bulletins