<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>Re: [cisco-voip] next versions of CallManager....8.5, 8.6, 9.0, 9.1</title>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>In case anyone cares……<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Cisco Security Advisory: Cisco Unified Communications Manager Denial<br>
of Service Vulnerabilities<br>
<br>
Advisory ID: cisco-sa-20100825-cucm<br>
<br>
Revision 1.0<br>
<br>
For Public Release 2010 August 25 1600 UTC (GMT)<br>
<br>
+---------------------------------------------------------------------<br>
<br>
Summary<br>
=======<br>
<br>
Cisco Unified Communications Manager contains two denial of service<br>
(DoS) vulnerabilities that affect the processing of Session<br>
Initiation Protocol (SIP) messages. Exploitation of these<br>
vulnerabilities could cause an interruption of voice services.<br>
<br>
Cisco has released free software updates that address these<br>
vulnerabilities. There are no workarounds for these vulnerabilities.<br>
<br>
This advisory is posted at:<br>
<br>
<a href="http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml</a><br>
<br>
Affected Products<br>
=================<br>
<br>
Vulnerable Products<br>
+------------------<br>
<br>
The following products are affected by vulnerabilities that are<br>
described in this advisory:<br>
<br>
* Cisco Unified Communications Manager 6.x<br>
* Cisco Unified Communications Manager 7.x<br>
* Cisco Unified Communications Manager 8.x<br>
<br>
Products Confirmed Not Vulnerable<br>
+--------------------------------<br>
<br>
Cisco Unified Communications Manager version 4.x is not affected by<br>
these vulnerabilities. No other Cisco products are currently known to<br>
be affected by these vulnerabilities.<br>
<br>
Details<br>
=======<br>
<br>
Cisco Unified Communications Manager is the call processing component<br>
of the Cisco IP Telephony solution that extends enterprise telephony<br>
features and functions to packet telephony network devices, such as<br>
IP phones, media processing devices, VoIP gateways, and multimedia<br>
applications.<br>
<br>
Cisco Unified Communications Manager contains two DoS vulnerabilities<br>
that involve the processing of SIP messages. Each vulnerability is<br>
triggered by a malformed SIP message that could cause a critical<br>
process to fail, which could result in the disruption of voice<br>
services. All SIP ports (TCP ports 5060 and 5061, UDP ports 5060 and<br>
5061) are affected.<br>
<br>
The first SIP DoS vulnerability is documented in Cisco bug ID<br>
CSCtd17310 and has been assigned the CVE identifier CVE-2010-2837.<br>
This vulnerability is fixed in Cisco Unified Communications Manager<br>
versions 6.1(5)SU1, 7.0(2a)SU3, 7.1(3b)SU2, 7.1(5) and 8.0(1). Cisco<br>
Unified Communications Manager version 4.x is not affected.<br>
<br>
The second SIP DoS vulnerability is documented in Cisco bug ID<br>
CSCtf66305 and has been assigned the CVE identifier CVE-2010-2838.<br>
The second vulnerability is fixed in Cisco Unified Communications<br>
Manager versions 7.0(2a)SU3, 7.1(5) and 8.0(3). Cisco Unified<br>
Communications Manager versions 4.x and 6.x are not affected.<br>
<br>
Vulnerability Scoring Details<br>
=============================<br>
<br>
Cisco has provided scores for the vulnerabilities in this advisory<br>
based on the Common Vulnerability Scoring System (CVSS). The CVSS<br>
scoring in this Security Advisory is done in accordance with CVSS<br>
version 2.0.<br>
<br>
CVSS is a standards-based scoring method that conveys vulnerability<br>
severity and helps determine urgency and priority of response.<br>
<br>
Cisco has provided a base and temporal score. Customers can then<br>
compute environmental scores to assist in determining the impact of<br>
the vulnerability in individual networks.<br>
<br>
Cisco has provided an FAQ to answer additional questions regarding<br>
CVSS at:<br>
<br>
<a href="http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html">http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html</a><br>
<br>
Cisco has also provided a CVSS calculator to help compute the<br>
environmental impact for individual networks at:<br>
<br>
<a href="http://intellishield.cisco.com/security/alertmanager/cvss">http://intellishield.cisco.com/security/alertmanager/cvss</a><br>
<br>
CSCtd17310 - potential core dump issue in SIPStationInit code<br>
<br>
CVSS Base Score - 7.8<br>
<br>
Access Vector -
Network<br>
Access Complexity - Low<br>
Authentication - None<br>
Confidentiality Impact - None<br>
Integrity Impact - None<br>
Availability Impact - Complete<br>
<br>
CVSS Temporal Score - 6.4<br>
<br>
Exploitability -
Functional<br>
Remediation Level - Official-Fix<br>
Report Confidence - Confirmed<br>
<br>
CSCtf66305 - CCM Coredump From SendCombinedStatusInfo on<br>
Fuzzed REGISTER Message<br>
<br>
CVSS Base Score - 7.8<br>
<br>
Access Vector -
Network<br>
Access Complexity - Low<br>
Authentication - None<br>
Confidentiality Impact - None<br>
Integrity Impact - None<br>
Availability Impact - Complete<br>
<br>
CVSS Temporal Score - 6.4<br>
<br>
Exploitability -
Functional<br>
Remediation Level - Official-Fix<br>
Report Confidence - Confirmed<br>
<br>
Impact<br>
======<br>
<br>
Successful exploitation of the vulnerabilities that are described in<br>
this advisory could result in the interruption of voice services.<br>
Cisco Unified Communications Manager will restart the affected<br>
processes, but repeated attacks may result in a sustained DoS<br>
Condition.<br>
<br>
Software Versions and Fixes<br>
===========================<br>
<br>
When considering software upgrades, also consult:<br>
<br>
<a href="http://www.cisco.com/go/psirt">http://www.cisco.com/go/psirt</a><br>
<br>
and any subsequent advisories to determine exposure and a<br>
complete upgrade solution.<br>
<br>
In all cases, customers should exercise caution to be certain the<br>
devices to be upgraded contain sufficient memory and that current<br>
hardware and software configurations will continue to be supported<br>
properly by the new release. If the information is not clear, contact<br>
the Cisco Technical Assistance Center (TAC) or your contracted<br>
maintenance provider for assistance.<br>
<br>
+---------------------------------------+<br>
| Cisco Unified |
Recommended |<br>
| Communication Manager | Release |<br>
| Version
|
|<br>
|-------------------------+-------------|<br>
| 6.x
|
6.1(5)SU1 |<br>
|-------------------------+-------------|<br>
| 7.x
|
7.1(5b)SU2 |<br>
|-------------------------+-------------|<br>
| 8.x
|
8.0(3a) |<br>
+---------------------------------------+<br>
<br>
Note: The recommended releases listed in the table above are the<br>
latest Cisco Unified Communications Manager versions available at the<br>
publication of this advisory, and each release includes software<br>
fixes for all the vulnerabilities described in this advisory.<br>
<br>
Cisco Unified Communications Manager software can be downloaded at<br>
the following link:<br>
<br>
<a href="http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268439621">http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268439621</a><br>
<br>
Workarounds<br>
===========<br>
<br>
There are no workarounds for the vulnerabilities described in this<br>
advisory.<br>
<br>
It is possible to mitigate this vulnerability by implementing<br>
filtering on screening devices and permitting access to TCP ports<br>
5060 and 5061 and to UDP ports 5060 and 5061 only from networks that<br>
require SIP access to Cisco Unified Communications Manager servers.<br>
<br>
If Cisco Unified Communications Manager does not need to provide SIP<br>
services, administrators can configure the Cisco Unified<br>
Communications Manager to listen for SIP messages on non-standard<br>
ports. Use the following instructions to change the ports from their<br>
default values:<br>
<br>
Step 1: Log into the Cisco Unified Communications Manager<br>
Administration web interface.<br>
<br>
Step 2: Navigate to System > Cisco Unified CM and locate the<br>
appropriate Cisco Unified Communications Manager.<br>
<br>
Step 3: Change the SIP Phone Port and SIP Phone Secure Port fields to<br>
a non-standard port and click Save.<br>
<br>
The SIP Phone Port, which is set to 5060 by default, refers to the<br>
TCP and UDP ports on which the Cisco Unified Communications Manager<br>
listens for normal SIP messages. SIP Phone Secure Port, which is set<br>
to 5061 by default, refers to the TCP port on which the Cisco Unified<br>
Communications Manager listens for SIP over Transport Layer Security<br>
(TLS) messages. For additional information about this procedure,<br>
refer to the "Updating a Cisco Unified Communications Manager"<br>
section of the "Cisco Unified Communications Manager Administration<br>
Guide" at:<br>
<br>
<a
href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/admin/7_0_1/ccmcfg/b02ccm.html#wp1057513">http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/admin/7_0_1/ccmcfg/b02ccm.html#wp1057513</a><br>
<br>
Note: For a SIP port change to take effect, the Cisco CallManager<br>
Service must be restarted. For information on how to restart the<br>
service, refer to the "Restarting the Cisco CallManager Service"<br>
section of the administration guide at:<br>
<br>
<a
href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/admin/7_0_1/ccmcfg/b03dpi.html#wp1075124">http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/admin/7_0_1/ccmcfg/b03dpi.html#wp1075124</a><br>
<br>
Additional mitigation techniques that can be deployed on Cisco<br>
devices within the network are available in the Cisco Applied<br>
Mitigation Bulletin companion document for this advisory:<br>
<br>
<a href="http://www.cisco.com/warp/public/707/cisco-amb-20100825-cucm-cup.shtml">http://www.cisco.com/warp/public/707/cisco-amb-20100825-cucm-cup.shtml</a><br>
<br>
Obtaining Fixed Software<br>
========================<br>
<br>
Cisco has released free software updates that address these<br>
vulnerabilities. Prior to deploying software, customers should<br>
consult their maintenance provider or check the software for feature<br>
set compatibility and known issues specific to their environment.<br>
<br>
Customers may only install and expect support for the feature sets<br>
they have purchased. By installing, downloading, accessing or<br>
otherwise using such software upgrades, customers agree to be bound<br>
by the terms of Cisco's software license terms found at:<br>
<br>
<a href="http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html">http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html</a><br>
<br>
or as otherwise set forth at <a href="http://Cisco.com">Cisco.com</a> Downloads
at:<br>
<br>
<a href="http://www.cisco.com/public/sw-center/sw-usingswc.shtml">http://www.cisco.com/public/sw-center/sw-usingswc.shtml</a><br>
<br>
Do not contact <a href="mailto:psirt@cisco.com">psirt@cisco.com</a> or <a
href="mailto:security-alert@cisco.com">security-alert@cisco.com</a> for<br>
software upgrades.<br>
<br>
Customers with Service Contracts<br>
+-------------------------------<br>
<br>
Customers with contracts should obtain upgraded software through<br>
their regular update channels. For most customers, this means that<br>
upgrades should be obtained through the Software Center on Cisco's<br>
worldwide website at <a href="http://www.cisco.com">http://www.cisco.com</a>.<br>
<br>
Customers using Third Party Support Organizations<br>
+------------------------------------------------<br>
<br>
Customers whose Cisco products are provided or maintained through<br>
prior or existing agreements with third-party support organizations,<br>
such as Cisco Partners, authorized resellers, or service providers<br>
should contact that support organization for guidance and assistance<br>
with the appropriate course of action in regards to this advisory.<br>
<br>
The effectiveness of any workaround or fix is dependent on specific<br>
customer situations, such as product mix, network topology, traffic<br>
behavior, and organizational mission. Due to the variety of affected<br>
products and releases, customers should consult with their service<br>
provider or support organization to ensure any applied workaround or<br>
fix is the most appropriate for use in the intended network before it<br>
is deployed.<br>
<br>
Customers without Service Contracts<br>
+----------------------------------<br>
<br>
Customers who purchase direct from Cisco but do not hold a Cisco<br>
service contract, and customers who purchase through third-party<br>
vendors but are unsuccessful in obtaining fixed software through<br>
their point of sale should acquire upgrades by contacting the Cisco<br>
Technical Assistance Center (TAC). TAC contacts are as follows.<br>
<br>
* +1 800 553 2447 (toll free from within North America)<br>
* +1 408 526 7209 (toll call from anywhere in the world)<br>
* e-mail: <a href="mailto:tac@cisco.com">tac@cisco.com</a><br>
<br>
Customers should have their product serial number available and be<br>
prepared to give the URL of this notice as evidence of entitlement to<br>
a free upgrade. Free upgrades for non-contract customers must be<br>
requested through the TAC.<br>
<br>
Refer to:<br>
<br>
<a href="http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html">http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html</a><br>
<br>
for additional TAC contact information, including localized telephone<br>
numbers, and instructions and e-mail addresses for use in various<br>
languages.<br>
<br>
Exploitation and Public Announcements<br>
=====================================<br>
<br>
The Cisco PSIRT is not aware of any public announcements or malicious<br>
use of the vulnerabilities described in this advisory.<br>
<br>
All vulnerabilities described in this advisory were discovered as a<br>
result of internal testing conducted by Cisco.<br>
<br>
Status of this Notice: FINAL<br>
<br>
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY<br>
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF<br>
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE<br>
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS<br>
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS<br>
DOCUMENT AT ANY TIME.<br>
<br>
A stand-alone copy or Paraphrase of the text of this document that<br>
omits the distribution URL in the following section is an<br>
uncontrolled copy, and may lack important information or contain<br>
factual errors.<br>
<br>
Distribution<br>
============<br>
<br>
This advisory is posted on Cisco's worldwide website at:<br>
<br>
<a href="http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml</a><br>
<br>
In addition to worldwide web posting, a text version of this notice<br>
is clear-signed with the Cisco PSIRT PGP key and is posted to the<br>
following e-mail and Usenet news recipients.<br>
<br>
* <a href="mailto:cust-security-announce@cisco.com">cust-security-announce@cisco.com</a><br>
* <a href="mailto:first-bulletins@lists.first.org">first-bulletins@lists.first.org</a><br>
* <a href="mailto:bugtraq@securityfocus.com">bugtraq@securityfocus.com</a><br>
* <a href="mailto:vulnwatch@vulnwatch.org">vulnwatch@vulnwatch.org</a><br>
* <a href="mailto:cisco@spot.colorado.edu">cisco@spot.colorado.edu</a><br>
* <a href="mailto:cisco-nsp@puck.nether.net">cisco-nsp@puck.nether.net</a><br>
* <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>
* <a href="mailto:comp.dcom.sys.cisco@newsgate.cisco.com">comp.dcom.sys.cisco@newsgate.cisco.com</a><br>
<br>
Future updates of this advisory, if any, will be placed on Cisco's<br>
worldwide website, but may or may not be actively announced on<br>
mailing lists or newsgroups. Users concerned about this problem are<br>
encouraged to check the above URL for any updates.<br>
<br>
Revision History<br>
================<br>
<br>
+---------------------------------------+<br>
| Revision |
|
Initial |<br>
| 1.0 | 2010-August-25 | public
|<br>
| |
|
release. |<br>
+---------------------------------------+<br>
<br>
Cisco Security Procedures<br>
=========================<br>
<br>
Complete information on reporting security vulnerabilities in Cisco<br>
products, obtaining assistance with security incidents, and<br>
registering to receive security information from Cisco, is available<br>
on Cisco's worldwide website at:<br>
<br>
<a
href="http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html">http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html</a><br>
<br>
This includes instructions for press inquiries regarding Cisco security<br>
notices. All Cisco security advisories are available at:<br>
<br>
<a href="http://www.cisco.com/go/psirt">http://www.cisco.com/go/psirt</a><br>
-----BEGIN PGP SIGNATURE-----<br>
<br>
iD8DBQFMdTMv86n/Gc8U/uARAhciAJsGgwmnwmxM4+ItSUDJt2vUCwH23wCeMzq0<br>
rlBwyt/DCxVGJvxOJgsExw4=<br>
=MLP6<br>
-----END PGP SIGNATURE-----<o:p></o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Tim </span></b><i><span style='font-size:8.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p></o:p></span></i></p>
</div>
<p class=MsoNormal><span style='color:gray'><o:p> </o:p></span></p>
</div>
</body>
</html>