
@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 35
September 2, 2005

Sophos, Dameware, and Novell Mail users should read this issue. All readers might also want to warn their users about email scams involving the hurricane: http://www.washingtonpost.com/wp-dyn/content/article/2005/08/31/AR2005083102574_pf.html

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                    # of Updates & Vulnerabilities
    Windows                     1
    Third Party Windows Apps    3 (#3)
    Linux                       2
    Solaris                     1 (#1)
    Unix                        3 (#5)
    Novell                      1
    Cross Platform              2 (#2, #4)
    Web Application             25

************************ SECURITY TRAINING UPDATE **********************

Network Security 2005 is definitely still on. It will be moving from New Orleans to one of two cities, and we'll let you know Tuesday which city.

San Jose is filling quickly so if you want to attend the SANS Silicon Valley program, please register in the next week or two.

For a complete list of security training programs see www.sans.org

*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Windows
    Third Party Windows Apps
    Linux
    Solaris
    Unix
    Novell
    Cross Platform
    Web Application

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Sun Solaris DHCP Clients Remote Compromise
  • Affected:
    • Solaris 10 on SPARC and x86 platforms
  • Description: Solaris 10 contains a vulnerability in its handling of DHCP responses. The problem is an error in the "net-svc" script that the DHCP client runs, and an attacker operating a malicious DHCP server can exploit it to obtain "root" privileges on the client system. DHCP responses are easy to spoof, since the protocol is UDP-based and unauthenticated, but the exchange is normally confined to the local segment, so the attacker would need to be on the same subnet as the vulnerable hosts for a high probability of success. The technical details required to exploit the vulnerability have not been posted.

  • Status: Sun has confirmed the problem and patches are available. As a workaround, block ports 67/udp and 68/udp at the network perimeter; note that this only stops DHCP traffic from outside the network and does nothing against a rogue DHCP server on the local subnet, which is where the attack is most likely to succeed.

  • References:
  • (2) UPDATE: Sophos Antivirus Products Buffer Overflow
  • Affected: All Sophos Anti-Virus versions 3.4.6 through 5.0.4, except versions 3.96.0.0 and 4.5.4
  • Description: The technical details of a buffer overflow in Sophos antivirus, PureMessage and MailMonitor products discussed in a previous issue of the @RISK newsletter have been publicly posted. The heap-based overflow exists in the routine that processes Visio files, and can be triggered by setting certain length values in the file headers. Exploiting the mail gateways is easy, as it does not require any user interaction. Users of Sophos products should apply the patches made available earlier last month. The antivirus library is also embedded in products sold by more than 20 vendors, and updates should be applied to any products listed at: http://www.sophos.com/partners/oem/

  • Status: The vendor has confirmed. Version 4.5.4 contains a fix for this problem for all platforms and Version 3.96.0 on selected platforms contains the fix as well.

  • Council Site Actions: The reporting council sites that have the affected software in use do so on only a handful of systems. Their support department does not provide support for this software so no action is planned. They assume the users will upgrade to a corrected version on their own.

  • References:
Other Software
  • (3) HIGH: Dameware Mini Remote Control Server Buffer Overflow
  • Affected: Dameware versions higher than 4.0 and prior to 4.9
  • Description: Dameware is a lightweight program used to remotely manage Windows NT/2000/XP/2003 desktop systems. The Dameware service, which listens on port 6129/tcp by default, contains a buffer overflow in the code that processes the username supplied at connection time. The flaw can be exploited remotely by unauthenticated attackers to execute arbitrary code with the privileges of the Dameware service. Exploit code has been posted publicly. Note that worms such as Agobot/Phatbot have exploited previous overflows in this application.

  • Status: Upgrade to version 4.9. Block port 6129/tcp at the perimeter and, since no credentials are needed to reach the vulnerable code, restrict it internally to the hosts that legitimately administer these systems.

  • Council Site Actions: Council sites using the affected software have notified the users as their only action at this time.

  • References:
Patches
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4499 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.35.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Internet Explorer Unspecified Vulnerability
  • Description: Microsoft Internet Explorer is affected by an unspecified remote vulnerability. Reportedly, a successful attack can crash the browser or potentially result in arbitrary code execution. Internet Explorer version 6.0 running on Microsoft Windows XP SP2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14683/info

  • 05.35.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Indiatimes Messenger Remote Buffer Overflow
  • Description: Indiatimes Messenger is an instant messaging client and it is reported prone to a remote buffer overflow vulnerability. This vulnerability affects the "MMClient.MunduMessenger" ActiveX Object. An attacker can trigger a buffer overflow condition in the "MMClient.exe" application by supplying a large string. Indiatimes Messenger version 6.0 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/14705/info

  • 05.35.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DameWare Mini Remote Control Server Username Buffer Overflow
  • Description: DameWare Mini Remote Control Server is a remote administration tool. It is reported to be vulnerable to a remote buffer overflow issue due to improper sanitization of user-supplied input. DameWare Mini Remote Control Server versions 4.8 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14707

  • 05.35.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BFCommand & Control Server Manager Multiple Remote Vulnerabilities
  • Description: Battlefield Command & Control (BFCC) Server Manager is a freely available application designed to manage Battlefield 1942 dedicated servers. Battlefield Vietnam Command & Control (BFVCC) Server Manager is a management application for Battlefield Vietnam dedicated servers. BFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities. These vulnerabilities allow remote attackers to gain administrative access in the affected server application, and to deny further access to the application.
  • Ref: http://www.securityfocus.com/archive/1/409504

  • 05.35.5 - CVE: Not Available
  • Platform: Linux
  • Title: Nokia Affix BTSRV Device Name Remote Command Execution
  • Description: Nokia Affix is a Bluetooth protocol stack for Linux platforms. The software ships with OBEX (Object Exchange) File Transfer services named "btsrv/btobex". btsrv is reported affected by a remote command execution vulnerability. Nokia Affix versions 3.2 and earlier are known to be vulnerable.
  • Ref: http://www.digitalmunition.com/DMA%5b2005-0826a%5d.txt

  • 05.35.6 - CVE: Not Available
  • Platform: Linux
  • Title: Astaro Security Linux HTTP CONNECT Unauthorized Access
  • Description: Astaro Security Linux is a network security solution offering a firewall, VPN, antivirus, and intrusion detection. Astaro Security Linux is affected by a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. Astaro Security Linux version 6.001 is known to be vulnerable.
  • Ref: http://secunia.com/advisories/16578/

  • 05.35.7 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris DHCP Client Remote Code Execution
  • Description: The DHCP client script '/lib/svc/method/net-svc' in Sun Solaris 10 contains an unspecified flaw that allows remote attackers to execute arbitrary code with superuser privileges. It is conjectured that a server responding to a DHCP client request could include multiple DNS servers, possibly resulting in the overflowing of a fixed sized memory buffer.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101897-1
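The technical details of the net-svc flaw have not been posted, and the entry above records only the conjecture that an offer carrying many DNS servers overflows a fixed-size buffer. What an administrator can do in the meantime is watch the DHCP offers actually seen on a segment, which is also where the perimeter block in Part I item (1) gives no protection. The following is an added example, not Sun's code or anything from the advisory: it constructs a DHCPOFFER (constructed test data), parses the RFC 2131 option block, and flags offers whose server identifier (option 54) is not the site's known server or whose DNS server list (option 6) is longer than expected. The trusted-server address 192.0.2.1, the limit of three DNS servers and the sample addresses are assumptions for illustration.

```python
import ipaddress
import struct

# Constructed test data and assumed site policy; nothing below is from the page or from Sun.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPOFFER = 2
TRUSTED_DHCP_SERVERS = {"192.0.2.1"}   # assumed policy: the only legitimate DHCP server
MAX_DNS_SERVERS = 3                    # assumed policy: more than this is suspicious


def build_offer(server_ip, yiaddr, dns_servers, xid=0x3903F326):
    """Construct a minimal DHCPOFFER: RFC 2131 fixed header, magic cookie, options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, xid, 0, 0,                       # op=BOOTREPLY, htype=Ethernet, hlen, hops, xid, secs, flags
        b"\0" * 4,                                    # ciaddr
        ipaddress.IPv4Address(yiaddr).packed,         # yiaddr: the address being offered
        ipaddress.IPv4Address(server_ip).packed,      # siaddr
        b"\0" * 4,                                    # giaddr
        bytes.fromhex("001122334455") + b"\0" * 10,   # chaddr (constructed MAC, padded to 16)
        b"\0" * 64, b"\0" * 128)                      # sname, file
    dns = b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    if len(dns) > 255:
        raise ValueError("option length is one byte; longer lists need RFC 3396 splitting")
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
               + bytes([OPT_DNS, len(dns)]) + dns
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def parse_options(packet):
    """Return {option_code: bytes}, concatenating repeated options as RFC 3396 requires."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        options[code] = options.get(code, b"") + data
        i += 2 + length
    return options


def audit_offer(packet, trusted=TRUSTED_DHCP_SERVERS, max_dns=MAX_DNS_SERVERS):
    """Flag an offer from an unknown server, or with a malformed or oversized DNS list."""
    opts = parse_options(packet)
    issues = []
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        issues.append("not-an-offer")
    server_raw = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(server_raw)) if len(server_raw) == 4 else None
    if server not in trusted:
        issues.append("untrusted-server-id")
    dns_raw = opts.get(OPT_DNS, b"")
    if len(dns_raw) % 4:
        issues.append("dns-option-malformed")
    whole = len(dns_raw) - len(dns_raw) % 4
    dns = [str(ipaddress.IPv4Address(dns_raw[k:k + 4])) for k in range(0, whole, 4)]
    if len(dns) > max_dns:
        issues.append("dns-option-oversized")
    return {"server_id": server, "dns_servers": dns, "issues": issues}


if __name__ == "__main__":
    good = build_offer("192.0.2.1", "192.0.2.50", ["192.0.2.10", "192.0.2.11"])
    rogue = build_offer("192.0.2.66", "192.0.2.50", [f"198.51.100.{n}" for n in range(1, 41)])
    print(audit_offer(good)["issues"])    # []
    print(audit_offer(rogue)["issues"])   # ['untrusted-server-id', 'dns-option-oversized']
```

To use this on real traffic, feed audit_offer the UDP payload of packets captured on 68/udp; a rogue server on the segment shows up as an untrusted server identifier long before any perimeter filter sees it.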

  • 05.35.8 - CVE: Not Available
  • Platform: Unix
  • Title: UMN Gopher Client Remote Buffer Overflow
  • Description: UMN Gopher is a client for the Gopher Distributed Hypertext protocol. It is vulnerable to a remote buffer overflow issue when the client handles a malformed "+VIEWS:" reply from a server. University of Minnesota gopherd version 3.0.9 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14693/info

  • 05.35.9 - CVE: Not Available
  • Platform: Unix
  • Title: XNTPD Insecure Privileges
  • Description: Xntpd is a utility that synchronizes the clocks of computers over a network. Xntpd is prone to an insecure permissions vulnerability. When the daemon is started with the -u option, the group may be given either as a group name string or as a numeric group id. The flaw manifests itself when a string is used: the daemon may then keep running with the effective permissions of a privileged user, so that if it is compromised by some other means, the attacker obtains those privileges and can conduct further attacks.
  • Ref: http://www.securityfocus.com/advisories/9140

  • 05.35.10 - CVE: CAN-2005-1857
  • Platform: Unix
  • Title: simpleproxy Remote Syslog() Format String
  • Description: simpleproxy is an open source TCP proxy server. It is reported that simpleproxy contains a format string vulnerability. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the affected package. This application may be run as the superuser in order to proxy privileged TCP ports. Versions of simpleproxy prior to 3.4 are reported susceptible to this vulnerability.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=351847


  • 05.35.12 - CVE: CAN-2005-2643
  • Platform: Cross Platform
  • Title: Tor Cryptographic Handshake Remote Information Disclosure
  • Description: Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. It is vulnerable to a remote information disclosure issue due to a flaw in the implementation of the Diffie-Hellman key exchange protocol. An attacker could exploit this issue to gain access to the negotiated keys used to encrypt the communications between Tor servers and clients. Please refer to the advisory below for a list of vulnerable versions.
  • Ref: http://archives.seul.org/or/announce/Aug-2005/msg00002.html
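The entry says only that the Diffie-Hellman implementation was flawed; Tor's fix for this issue rejected degenerate peer public values (0, 1 and p-1), which let an active attacker force the negotiated key to a value it already knows. The block below is an added example with toy parameters, not Tor's code: the safe prime p = 1019, the generator 4 and the function names are assumptions for illustration. It shows the validation an implementation needs and what an unchecked one computes when such a value is injected into the handshake.

```python
import secrets

# Added example with toy parameters. Assumption: p = 2q + 1 is a safe prime and g generates the
# order-q subgroup; real deployments use a 2048-bit or larger group (e.g. RFC 3526) with the same checks.
P = 1019                 # safe prime: (1019 - 1) / 2 = 509 is prime
Q = (P - 1) // 2
G = 4                    # 2^2 mod p, a quadratic residue, so its order is q


def is_valid_public_value(y):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup.
    With y = 0 or 1 the shared secret is 0 or 1 whatever our private exponent is;
    with y = p-1 it is +1 or -1. The test y^q == 1 (mod p) rejects p-1 and every other
    element outside the prime-order subgroup in one exponentiation."""
    if not 2 <= y <= P - 2:
        return False
    return pow(y, Q, P) == 1


def keypair():
    """Private exponent in [2, q-1] and the matching public value g^x mod p."""
    x = 2 + secrets.randbelow(Q - 2)
    return x, pow(G, x, P)


def shared_secret(priv, peer_pub, validate=True):
    """Return peer_pub^priv mod p, or None if the peer value fails validation."""
    if validate and not is_valid_public_value(peer_pub):
        return None
    return pow(peer_pub, priv, P)


def degenerate_outcomes(priv):
    """What an implementation WITHOUT the check derives when an attacker injects 0, 1 or p-1:
    a key the attacker knows without solving a single discrete logarithm."""
    return {y: shared_secret(priv, y, validate=False) for y in (0, 1, P - 1)}


def honest_exchange():
    """Both sides compute the same secret when the public values are genuine."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    return shared_secret(a, pub_b), shared_secret(b, pub_a)


if __name__ == "__main__":
    a, _ = keypair()
    print(degenerate_outcomes(a))       # {0: 0, 1: 1, 1018: 1} or {0: 0, 1: 1, 1018: 1018}
    print(shared_secret(a, 1))          # None: rejected by the check
    s_a, s_b = honest_exchange()
    print(s_a == s_b)                   # True
```

The range check alone catches 0, 1 and p-1; the y^q test also rejects quadratic non-residues, so the secret always lands in the prime-order subgroup. Production code additionally runs the secret through a key derivation function rather than using it directly.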

  • 05.35.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache CGI Byterange Request Denial of Service
  • Description: Apache is a freely available, open source Web server software package. It is distributed and maintained by the Apache Group. Apache is prone to a denial of service when handling large CGI byterange requests. This may also be triggered by ProxyRequests. The problem occurs because Apache does not free memory used in these requests, allowing multiple requests to consume all memory and swap space.
  • Ref: http://www.securityfocus.com/advisories/9117

  • 05.35.14 - CVE: Not Available
  • Platform: Web Application
  • Title: Land Down Under Multiple SQL Injection Vulnerabilities
  • Description: Land Down Under is a content management system. It is reported to be vulnerable to multiple SQL injection issues due to improper sanitization of the "c" parameter of "events.php", "index.php" and "list.php" scripts. Land Down Under version 701 is reported to be vulnerable.
  • Ref: http://secunia.com/advisories/13034/

  • 05.35.15 - CVE: CAN-2005-2580
  • Platform: Web Application
  • Title: MyBB Member.PHP SQL Injection
  • Description: MyBulletinBoard is a web forum application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user supplied input of the "fid" parameter in the "Member.php" script. MyBulletinBoard versions RC4 and earlier are reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14684

  • 05.35.16 - CVE: Not Available
  • Platform: Web Application
  • Title: AutoLinks Pro Al_initialize.PHP Remote File Include
  • Description: AutoLinks Pro is a link exchange management application written in PHP. AutoLinks Pro is affected by a remote file include vulnerability. AutoLinks Pro versions 2.1 and earlier are known to be vulnerable.
  • Ref: http://secunia.com/advisories/16620/

  • 05.35.17 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion BBCode URL Tag Script Injection
  • Description: PHP-Fusion is a content management system that is prone to a script injection vulnerability caused by insufficient sanitization of user-supplied input. An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Please check for vulnerable versions in the reference provided.
  • Ref: http://www.securityfocus.com/bid/14698

  • 05.35.18 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
  • Description: phpldapadmin is a web-based application for administering LDAP servers implemented in PHP. phpldapadmin is affected by multiple input validation vulnerabilities. phpldapadmin versions 0.9.7 alpha 5 and 0.9.6 are known to be vulnerable.
  • Ref: http://rgod.altervista.org/phpldap.html

  • 05.35.19 - CVE: CAN-2005-2654
  • Platform: Web Application
  • Title: phpLDAPadmin Unauthorized Access
  • Description: phpLDAPadmin is a web-based application for administering LDAP servers; it is implemented in PHP. phpLDAPadmin is prone to an unauthorized access vulnerability. This issue is due to a failure in the "login.php" script of the application to properly validate user credentials before granting access to LDAP administrative functions. An attacker can exploit this vulnerability to login to the server anonymously, and utilize administrative functions to modify the LDAP database.
  • Ref: http://www.securityfocus.com/bid/14694

  • 05.35.20 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeStyle Wiki Arbitrary Perl Command Execution
  • Description: FreeStyle Wiki is a wiki clone implemented in Perl. It is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize input to the management page. An attacker can exploit this vulnerability to execute arbitrary Perl commands in the context of the affected application. FreeStyle Wiki version 3.5.8 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/14698

  • 05.35.21 - CVE: Not Available
  • Platform: Web Application
  • Title: BlueWhaleCRM AccountID SQL Injection
  • Description: BlueWhaleCRM is a .NET-based CRM application. It is prone to an SQL injection vulnerability caused by improper sanitization of user-supplied input to the "AccountID" field when searching for accounts in the application. BlueWhaleCRM versions 1.0.2 and 1.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14697

  • 05.35.22 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 Forum_post.PHP Arbitrary Post Creation
  • Description: e107 is a web-based content management system. It is vulnerable to an input validation vulnerability due to improper sanitization of user-supplied input to the "nt" field of the "forum_post.php" script. Successful exploitation of this issue will permit an attacker to create arbitrary forum message posts. e107 versions 0.67 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/14699/info

  • 05.35.23 - CVE: Not Available
  • Platform: Web Application
  • Title: FlatNuke USR Parameter Cross-Site Scripting
  • Description: FlatNuke is a content management system that is based entirely on plain text files rather than a database. FlatNuke is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/14704

  • 05.35.24 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Arbitrary PHP Code Injection
  • Description: Simple Machines Forum (SMF) is web forum software implemented in PHP. It is prone to an arbitrary PHP code injection vulnerability caused by insufficient sanitization of user supplied input to the URI supplied for the user avatar. Simple Machines SMF version 1.0.5 is reported to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/14706

  • 05.35.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Cosmoshop Multiple SQL Injection Vulnerabilities
  • Description: Cosmoshop is a commercial shopping cart system. It is vulnerable to multiple SQL injection issues due to improper sanitization of input to several CGI scripts. Successful exploitation can result in gaining full administrative access within the context of the affected application. Cosmoshop version 8.10.78 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/409510

  • 05.35.26 - CVE: Not Available
  • Platform: Web Application
  • Title: Looking Glass Remote Command Execution
  • Description: Looking Glass is a web-based application that provides network utilities such as ping, traceroute, tracepath, nslookup, host and whois. Looking Glass is affected by a remote command execution vulnerability. All versions of Looking Glass are known to be vulnerable.
  • Ref: http://secunia.com/advisories/16607/

  • 05.35.27 - CVE: Not Available
  • Platform: Web Application
  • Title: Looking Glass Cross-Site Scripting
  • Description: Looking Glass is a web-based application that provides network utilities such as ping, traceroute, tracepath, nslookup, host and whois. Looking Glass is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software.
  • Ref: http://www.securityfocus.com/archive/1/409399

  • 05.35.28 - CVE: Not Available
  • Platform: Web Application
  • Title: SqWebMail HTML Email IMG Tag Script Injection
  • Description: SqWebMail is a web-based mail application. It is vulnerable to a cross site scripting issue that might allow remote attackers to inject arbitrary code in an IMG tag and send this to a victim user. This may allow for various attacks including session hijacking due to the theft of user credentials. SqWebMail version 5.0.4 is reportedly vulnerable.
  • Ref: http://www.securityfocus.com/bid/14676/info

  • 05.35.29 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal
  • Description: Simple PHP Blog is prone to a directory traversal vulnerability. This issue is due to insufficient sanitization of user-supplied input to the "comment_delete_cgi.php" script. Simple PHP Blog version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/14681

  • 05.35.30 - CVE: Not Available
  • Platform: Web Application
  • Title: phpWebNotes Api.PHP Remote File Include
  • Description: phpWebNotes is a PHP/MySQL-based Web annotation system. phpWebNotes is susceptible to a remote file include vulnerability. The "t_path_core" parameter of the "api.php" script is not properly sanitized, allowing attackers to specify remotely-hosted script files to be executed in the context of the Web server hosting the vulnerable software.
  • Ref: http://www.securityfocus.com/bid/14679

  • 05.35.31 - CVE: CAN-2005-0928
  • Platform: Web Application
  • Title: PhotoPost Cross Site Scripting
  • Description: PhotoPost is an image gallery application. It is vulnerable to a cross site scripting issue due to insufficient sanitization of the EXIF data stored in image files. PhotoPost Pro version 5.1 is reported to be vulnerable.
  • Ref: http://cedri.cc/advisories/EXIF_XSS.txt

  • 05.35.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery Script Injection Vulnerability
  • Description: Gallery is an image gallery application written in PHP. It is reported to be vulnerable to a script injection issue due to improper sanitization of EXIF image files before displaying them. Gallery Script versions 1.5.1-RC2 and earlier are reported to be vulnerable.
  • Ref: http://secunia.com/advisories/16594/

  • 05.35.33 - CVE: Not Available
  • Platform: Web Application
  • Title: phpGraphy Script Injection Vulnerability
  • Description: phpGraphy is an image gallery application. It is vulnerable to an EXIF script injection issue due to improper sanitization of user-supplied input. A remote attacker could leverage this issue to steal cookie-based authentication credentials. phpGraphy version 0.9.9a is vulnerable.
  • Ref: http://cedri.cc/advisories/EXIF_XSS.txt

  • 05.35.34 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Cookie.Auth.Lib.PHP HTML Injection
  • Description: phpMyAdmin is a web-based MySQL database management application. It is prone to an HTML injection vulnerability caused by insufficient sanitization of user-supplied input to the "Username" field of the "cookie.auth.lib.php" script. phpMyAdmin versions prior to 2.6.4-rc1 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/14674

  • 05.35.35 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin Error.PHP Cross-Site Scripting Vulnerability
  • Description: phpMyAdmin is a web-based MySQL database management application. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "error" URL parameter in the "error.php" script.
  • Ref: http://www.securityfocus.com/bid/14675

  • 05.35.36 - CVE: Not Available
  • Platform: Web Application
  • Title: HP OpenView Network Node Manager Remote Command Execution Vulnerability
  • Description: HP OpenView Network Node Manager is a commercial systems management software package. It is reported to be vulnerable to a remote command execution issue due to improper sanitization of user-supplied input to the "node" URL parameter of the "OvCgi/connectedNodes.ovpl" script. This issue affects versions 6.41 and 7.5 on the Solaris platform.
  • Ref: http://www.securityfocus.com/bid/14662
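Looking Glass (05.35.26) and the OpenView connectedNodes.ovpl issue (05.35.36) are the same class of bug: a hostname or node name taken from the request reaches a command line. The page does not show either product's source, so the following added example uses the generic vulnerable pattern beside its hardened form; the helper names, the ping arguments and the sample payload are assumptions for illustration, not code from either vendor.

```python
import ipaddress
import re
import subprocess

# Added example. The vulnerable pattern is the generic one (request parameter pasted into a
# shell command line); it is not the Looking Glass or OpenView source, which is not on the page.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def vulnerable_command_line(host):
    """VULNERABLE: builds 'ping -c 3 <host>' for a shell (os.popen / shell=True).
    Shell metacharacters in host become additional commands run as the web server."""
    return "ping -c 3 " + host


def is_valid_target(host):
    """Allow-list the parameter: a literal IPv4 address or a DNS hostname, nothing else.
    Rejects ';', '|', '$(...)', backticks, whitespace and a leading '-' (no option injection)."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(host))


def safe_argv(host):
    """HARDENED: validate first, then pass the target as a single argv element."""
    if not is_valid_target(host):
        raise ValueError("invalid target")
    return ["ping", "-c", "3", host]


def run_ping(host, timeout=10):
    """Execute without a shell, so even a value that slipped past validation stays one argument."""
    return subprocess.run(safe_argv(host), capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    payload = "127.0.0.1; id"
    print(vulnerable_command_line(payload))   # ping -c 3 127.0.0.1; id  (shell runs both)
    print(is_valid_target(payload))           # False
    print(safe_argv("example.com"))           # ['ping', '-c', '3', 'example.com']
```

The two defences are independent and both are needed: the allow-list stops option and metacharacter injection at the boundary, and dropping the shell means there is no second parser left for a crafted value to reach.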

  • 05.35.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Blog Remote Arbitrary File Upload
  • Description: Simple PHP Blog is prone to a remote arbitrary file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded via the "upload_img_cgi.php" script. Simple PHP Blog 0.4.0 is affected by this issue. Other versions may be vulnerable as well.
  • Ref: http://www.securityfocus.com/bid/14667

  • 05.35.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Foojan PHPWeblog Html Injection
  • Description: Foojan PHPWeblog is a Persian language weblog application. It is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input to the "HTTP_USER_AGENT" and "HTTP_REFERRER" HTTP header fields of the "gmain.php" script.
  • Ref: http://www.securityfocus.com/bid/14658

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.