From: Karl Denninger <karl@denninger.net>
Date: Mon, 22 Dec 2025 17:25:45 -0500
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-25:12.rtsold.asc clarification needed


On 12/22/2025 17:05, mike tancsa wrote:
> On 12/22/2025 4:51 PM, Polarian wrote:
>> Hey,
>>
>>> I am trying to understand if rtsold is not running and not enabled,
>>> what from the kernel would spin that up to expose the code path that
>>> is patched in the advisory?
>> I don't get where you are getting a kernel vulnerability from.
>>
>> The advisory already explains that the RCE comes from a lack of input
>> validation on the domain search field. This is a userspace
>> vulnerability.
>>
>> This passed to resolvconf which does not validate its input, which
>> therefore allows for an RCE.
>>
>> So why we talking about code paths within the kernel? It's not within
>> the networking stack, it is a vulnerability within the userspace
>> utilities.
>
> When I asked if patching the userland code was enough, you said no.
>
> From what I understand having ACCEPT_RTADV on an interface means the kernel is processing rtadv packets. The advisory mentions that, but it seems that's not sufficient to trigger the bug, as rtsold is the one that processes the unchecked DNS info. i.e. you need both ACCEPT_RTADV enabled and rtsold enabled, no? If just having ACCEPT_RTADV enabled would lead to an exploit, that implies a kernel bug, no?
>
> I just want to confirm if *not* running rtsold is enough to avoid this bug or just having the mere presence of IPv6 can lead to exploit. If the latter, how is that actually working.
>
>     ---Mike

Unless I am missing something serious you are correct.

Without rtsold if you have an interface that goes down and comes back up you likely will not get routes (including default) until the gateway performs its next timed transmission (typically 10 minutes.)

With it enabled but no options specified it comes up on my machines as "-a -i" which is "seek the interfaces to solicit upon and do so immediately on start."

The problem is that the resolvconf(8) script is run by default (unless you specify something else with the -R switch) if rtsold is running and a DNS configuration option (RDNSS or DNSSL) advertisement is received. If rtsold is not running then it should not result in a problem per se; however, you get the possibility of not having routes when the box comes up until the gateway performs its next timed transmission.

--
Karl Denninger
karl@denninger.net
The Market Ticker
[S/MIME encrypted email preferred]
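
The two conditions this exchange settles on (an interface with ACCEPT_RTADV set and a running rtsold) can be checked per host. The script below is an added example, not part of the original message or of FreeBSD; its function names and sample input are constructed for illustration, and it only classifies host state, it does not check whether the advisory's patch is installed.

```shell
#!/bin/sh
# Added example, not from the thread: classify a FreeBSD host by the two
# conditions discussed above (ACCEPT_RTADV on an interface, rtsold running).
# stdin: `ifconfig` output. Prints interfaces whose nd6 options list ACCEPT_RTADV.
rtadv_ifaces() {
    awk '/^[A-Za-z0-9_.]+: flags=/ { ifn = $1; sub(/:$/, "", ifn) }
         /nd6 options=/ && /[<,]ACCEPT_RTADV[,>]/ { print ifn }'
}

# stdin: `ps -axo command` output. Prints the rtsold command line, if any.
rtsold_cmdline() {
    awk '{ n = split($1, p, "/"); if (p[n] == "rtsold") { print; exit } }'
}

# $1: rtsold command line. Prints the script that receives RDNSS/DNSSL data:
# the argument of a separate -R word, else the resolvconf(8) default.
dns_handler() {
    [ -n "$1" ] || { echo "n/a (rtsold not running)"; return 0; }
    set -f; set -- $1; set +f
    while [ $# -gt 1 ]; do
        [ "$1" = "-R" ] && { echo "$2"; return 0; }
        shift
    done
    echo "resolvconf(8) default"
}

# classify IFCONFIG_TEXT PS_TEXT -> both | rtsold-only | rtadv-only | neither
classify() {
    ifaces=$(printf '%s\n' "$1" | rtadv_ifaces)
    cmd=$(printf '%s\n' "$2" | rtsold_cmdline)
    if [ -n "$ifaces" ] && [ -n "$cmd" ]; then echo both
    elif [ -n "$cmd" ]; then echo rtsold-only
    elif [ -n "$ifaces" ]; then echo rtadv-only
    else echo neither
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_IFCONFIG='em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>'
SAMPLE_PS='/usr/sbin/rtsold -a -i'

if [ "${1:-}" = "--live" ]; then          # run on the host itself
    ps_out=$(ps -axo command)
    echo "state:   $(classify "$(ifconfig)" "$ps_out")"
    echo "handler: $(dns_handler "$(printf '%s\n' "$ps_out" | rtsold_cmdline)")"
else
    echo "sample:  $(classify "$SAMPLE_IFCONFIG" "$SAMPLE_PS")"
fi
```

A result of `rtadv-only` is the case asked about in the quoted question: the kernel accepts router advertisements, but no rtsold is present to hand RDNSS/DNSSL data to a script.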