More big security holes in Linux

Open-source developers have reported two security holes in Linux components 
that can allow attackers to gain control of a PC. By tricking a user into 
viewing a specially crafted image file, an attacker can exploit a bug in the 
Imlib library, used by graphics-viewing applications, to execute malicious 
code. The bug is caused by a boundary error in the decoding of 
runlength-encoded bitmap images, which can be exploited to cause a buffer 
overflow. Gentoo, MandrakeSoft SA, and other Linux vendors have begun 
distributing fixes for the bug, which affects Imlib 1.x and imlib2 1.x. Red 
Hat Incorporated also warned of three security holes in LHA, a compression 
and decompression utility for LHarc-format archives, which affect all 
versions through 1.14. The vulnerabilities could allow the execution of 
malicious code if a user were to extract or test a malicious archive or pass 
a specially crafted command line to the lha command. The third bug could 
allow an attacker to create a directory with shell meta characters in its 
name, leading to arbitrary command execution. Security firm Secunia 
announced that all three of the bugs could be avoided by staying away from 
untrusted archives, and patches are available.

http://www.infoworld.com/article/04/09/09/HNmorelinuxholes_1.html


-- 
Don

Track or post software updates in http://cou.dozleng.com 
0
Don
9/10/2004 8:54:00 AM
grc.security 16608 articles. 3 followers. Follow

16 Replies
501 Views

Similar Articles

[PageSpeed] 8
Get it on Google Play
Get it on Apple App Store

"Don" <dbuenaventura@mvps.org> wrote in message
news:chrq7h$d7r$1@news.grc.com...
> Open-source developers have reported two security holes in Linux
components
> that can allow attackers to gain control of a PC. By tricking a user into
> viewing a specially crafted image file, an attacker can exploit a bug in
the
> Imlib library, used by graphics-viewing applications, to execute malicious
> code. The bug is caused by a boundary error in the decoding of
> runlength-encoded bitmap images, which can be exploited to cause a buffer
> overflow. Gentoo, MandrakeSoft SA, and other Linux vendors have begun
> distributing fixes for the bug, which affects Imlib 1.x and imlib2 1.x.
Red
> Hat Incorporated also warned of three security holes in LHA, a compression
> and decompression utility for LHarc-format archives, which affect all
> versions through 1.14. The vulnerabilities could allow the execution of
> malicious code if a user were to extract or test a malicious archive or
pass
> a specially crafted command line to the lha command. The third bug could
> allow an attacker to create a directory with shell meta characters in its
> name, leading to arbitrary command execution. Security firm Secunia
> announced that all three of the bugs could be avoided by staying away from
> untrusted archives, and patches are available.

So, if you download an image or archive from an untrustworthy source, you
could be hurt.

Presenting that as a "big security hole in Linux" is pure FUD.

Those libraries are NOT linux. They are not even GNU libs.

Justin
0
Justin
9/10/2004 7:44:00 PM
>So, if you download an image or archive from an untrustworthy source, you
>could be hurt.

>Presenting that as a "big security hole in Linux" is pure FUD.

Strange. That is described as a big security hole in Windows all the time.
-- 
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
0
Crash
9/10/2004 8:06:00 PM
""Crash" Dummy" <dvader@deathstar.mil> wrote in message
news:cht1gj$h7j$1@news.grc.com...
> >So, if you download an image or archive from an untrustworthy source, you
> >could be hurt.
>
> >Presenting that as a "big security hole in Linux" is pure FUD.
>
> Strange. That is described as a big security hole in Windows all the time.

Could you please be more vague.
0
Justin
9/10/2004 8:44:00 PM
""Crash" Dummy" <dvader@deathstar.mil> wrote in message
news:cht1gj$h7j$1@news.grc.com...
> >So, if you download an image or archive from an untrustworthy source, you
> >could be hurt.
>
> >Presenting that as a "big security hole in Linux" is pure FUD.
>
> Strange. That is described as a big security hole in Windows all the time.

First of all, Microsoft's own application division is a major part of the
problem. Since Microsoft
makes Windows, it's more accurate to blame Microsoft for a security hole in
outlook than it is to
blame linux for a security hole in an image library that has nothing to do
with linux or even the GNU
operating system components.
0
Justin
9/10/2004 8:47:00 PM
"Justin M. Keyes" <m9u35@yahoo.com> wrote in message
news:cht3si$jkf$1@news.grc.com...
>
> ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
> news:cht1gj$h7j$1@news.grc.com...
> > >So, if you download an image or archive from an untrustworthy source,
you
> > >could be hurt.
> >
> > >Presenting that as a "big security hole in Linux" is pure FUD.
> >
> > Strange. That is described as a big security hole in Windows all the
time.
>
> First of all, Microsoft's own application division is a major part of the
> problem. Since Microsoft
> makes Windows, it's more accurate to blame Microsoft for a security hole
in
> outlook than it is to
> blame linux for a security hole in an image library that has nothing to do
> with linux or even the GNU
> operating system components.

imlib is an image library that is included with many linux distributions but
has nothing to do with running a linux server. Many linux servers run
without any X-window/GUI components at all.

imlib is optional even if you run a GUI. There are other options out there
for reading image files on a linux system.

You may as well say that file sharing via p2p is a Windows vulnerability. It
has nothing to do with windows. running p2p software is the user's choice.

Whoever title this thread "more big security holes in linux" is obviously
some joker who knows nothing about linux and is trying to gather any
evidence he can that windows is teh bestest and we can blissfully deny the
fact that linux is more secure.
0
Justin
9/10/2004 8:57:00 PM
In grc.security Justin M. Keyes wrote:

> 
> ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
> news:cht1gj$h7j$1@news.grc.com...
>> >So, if you download an image or archive from an untrustworthy
>> >source, you could be hurt.
>>
>> >Presenting that as a "big security hole in Linux" is pure FUD.
>>
>> Strange. That is described as a big security hole in Windows all
>> the time. 
> 
> First of all, Microsoft's own application division is a major part
> of the problem. Since Microsoft
> makes Windows, it's more accurate to blame Microsoft for a
> security hole in outlook than it is to
> blame linux for a security hole in an image library that has
> nothing to do with linux or even the GNU
> operating system components.

Point made IMHO.  But one might argue generically that the OS (any 
OS) should be designed to inhibit or prevent such "module" or library 
problems in the first place.  <BG>   
0
Mark
9/10/2004 8:59:00 PM
On 2004-09-10, Justin M. Keyes <m9u35@yahoo.com> wrote:
>
> "Justin M. Keyes" <m9u35@yahoo.com> wrote in message
> news:cht3si$jkf$1@news.grc.com...
>>
>> ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
>> news:cht1gj$h7j$1@news.grc.com...
>> > >So, if you download an image or archive from an untrustworthy source,
> you
>> > >could be hurt.
>> >
>> > >Presenting that as a "big security hole in Linux" is pure FUD.
>> >
>> > Strange. That is described as a big security hole in Windows all the
> time.
>>
>> First of all, Microsoft's own application division is a major part of the
>> problem. Since Microsoft
>> makes Windows, it's more accurate to blame Microsoft for a security hole
> in
>> outlook than it is to
>> blame linux for a security hole in an image library that has nothing to do
>> with linux

It has to do with the OS people commonly refer to as 'linux'. Yes, linux
is actually the kernel, not all the rest. No one says 'hole in MS
application division software' when the vulnerability is in IE. The say
'hole in windows' in a headline. I don't see how this seadline is
particularly different.

>> or even the GNU
>> operating system components.
>
> imlib is an image library that is included with many linux distributions but
> has nothing to do with running a linux server.

I don't think anyone said it did.

> Many linux servers run
> without any X-window/GUI components at all.

Sure. But who said anything about servers ?

> imlib is optional even if you run a GUI. There are other options out there
> for reading image files on a linux system.

Sure, it's 'optional'... unless you run something that depends on it or
uses it ... like say the gnome desktop environment. Sure, Gnome is
optional too.... does this make the vulnerability not exist or
something?

> You may as well say that file sharing via p2p is a Windows vulnerability. It
> has nothing to do with windows. running p2p software is the user's choice.

So what you are saying is that anything that isn't the linux kernel
should never be touted as a vulnerability in linux in a headline ?

> Whoever title this thread "more big security holes in linux" is obviously
> some joker who knows nothing about linux and is trying to gather any
> evidence he can that windows is teh bestest and we can blissfully deny the
> fact that linux is more secure.

The article didn't say anything about windows ... you did. I thnk you
are all worked up over a non-issue.
-- 
Bloated Elvis
0
Bloated
9/10/2004 10:28:00 PM
"Bloated Elvis" <bloated_elvis@stuffing.nowhere.com> wrote in message
news:cht9qf$oon$1@news.grc.com...
> On 2004-09-10, Justin M. Keyes <m9u35@yahoo.com> wrote:
> >
> > "Justin M. Keyes" <m9u35@yahoo.com> wrote in message
> > news:cht3si$jkf$1@news.grc.com...

> >> First of all, Microsoft's own application division is a major part of
the
> >> problem. Since Microsoft
> >> makes Windows, it's more accurate to blame Microsoft for a security
hole
> > in
> >> outlook than it is to
> >> blame linux for a security hole in an image library that has nothing to
do
> >> with linux
>
> It has to do with the OS people commonly refer to as 'linux'. Yes, linux
> is actually the kernel, not all the rest. No one says 'hole in MS
> application division software' when the vulnerability is in IE. The say
> 'hole in windows' in a headline. I don't see how this seadline is
> particularly different.

Newsflash: Windows _requires_ IE to operate! That's one of the main reasons
Windows continues to be so insecure--integration with a giant, bloated piece
of software that has _nothing_ to do with an operating system. They did this
for marketing reasons, _not_ technical reasons.

> > You may as well say that file sharing via p2p is a Windows
vulnerability. It
> > has nothing to do with windows. running p2p software is the user's
choice.
>
> So what you are saying is that anything that isn't the linux kernel
> should never be touted as a vulnerability in linux in a headline ?

No. I'm saying that programs that are clearly seperate from GNU/linux are
not linux vulnerabilities, just like many Outlook vulnerabilities aren't
Windows vulnerabilities, and are not touted as such!

The original poster comes off to me as some ignorant guy who is way too
excited to point out flaws in linux.

> > Whoever title this thread "more big security holes in linux" is
obviously
> > some joker who knows nothing about linux and is trying to gather any
> > evidence he can that windows is teh bestest and we can blissfully deny
the
> > fact that linux is more secure.
>
> The article didn't say anything about windows ... you did. I thnk you
> are all worked up over a non-issue.

I'm not worked up. I just think the original poster is silly. I'm not gonna
sit quietly while someone spouts nonsense.
0
Justin
9/10/2004 11:10:00 PM
Justin M. Keyes and others wrote:
<snip!>

from the Infoworld article:
 > Security firm Secunia announced that all three of the bugs could be 
avoided by staying away from untrusted archives, and ***patches are 
available.***

http://www.infoworld.com/article/04/09/09/HNmorelinuxholes_1.html

-- 

One thing that I find interesting (and that I've seen happen often) is 
that there's ALREADY a fix.  That's what I like about open source.

EVERY system is going to have some holes.  The more users, the more 
interested hackers are going to be in finding exploits.  What matters is 
how fast you find them and fix them.

-- 
~ Rosanne
Don�t save my sneakemail address � when it gets spammed, it gets changed.
0
Rosanne
9/10/2004 11:40:00 PM
On Fri, 10 Sep 2004 19:10:26 -0400, Justin M. Keyes wrote:

> 
> The original poster comes off to me as some ignorant guy who is way too
> excited to point out flaws in linux.
> 
>>> Whoever title this thread "more big security holes in linux" is
> obviously
>>> some joker who knows nothing about linux and is trying to gather any
>>> evidence he can that windows is teh bestest and we can blissfully deny
> the
>>> fact that linux is more secure.
>>
>> The article didn't say anything about windows ... you did. I thnk you
>> are all worked up over a non-issue.
> 
> I'm not worked up. I just think the original poster is silly. I'm not gonna
> sit quietly while someone spouts nonsense.

Actually, the OP (Don) took the thread title from the title of the
InfoWorld article to which the link referred, as usual. The article quotes
sources such as 'Linux vendor Red Hat Inc.' 
Having actually read the InfoWorld article, I thought it a quite
respectable and reasonable piece, drawing attention to possible problems
which might affect Linux users. It didn't even use any difficult words.

Bruce Henderson
0
Bruce
9/11/2004 1:14:00 PM
Justin wrote:
> Whoever title this thread "more big security holes in linux" is obviously
> some joker who knows nothing about linux and is trying to gather any
> evidence he can that windows is teh bestest and we can blissfully deny the
> fact that linux is more secure.

I think it's great that people are finding the security holes in Linux ,
means they're getting fixed (In a small fraction of the time it takes
M$ to do it ) It also proves more people are looking into Linux as a
OS , I know I am ,so the more bugs they can find and fix before I switch
the better. There isn't any such animal as a perfect OS and never will 
be if humans are involved. I like to bitch about M$ as much as any one
as they have seemed to developed a culture of 'ease of use before a
saftey of system' in the pc and bussiness world, and now its bitting 
them in the ass as a result. the writting is on the wall and they're 
afraid, as well they should be , if I saw a serious threat to my 
financial well being I would try everything and anything to stop it as 
well. But it's too late now, it's as if they " Have awoken a sleeping
giant" I don't see this happening overnight but it will happen.

-- 
64 bit computing : Twice as many errors ,Twice as fast!
0
I
9/11/2004 7:57:00 PM
And I think "Don" (if that was your real name,lol)
does a pretty good job of keeping up with this stuff

-- 
I.R.Wolfen
0
I
9/11/2004 9:28:00 PM
Robert wrote:
> I.R.Baboon <I.R.Baboon@NoChimpsAllowed.org> wrote:
> 
>>> And I think "Don" (if that was your real name,lol)
>>> does a pretty good job of keeping up with this stuff
> 
> 
> I believe her real name is Donna.

  Yeah I Thought so :-) Thanks!

-- 
I shall drink no beer before its time... Its time
0
Wolfen
9/11/2004 9:49:00 PM
I.R.Baboon <I.R.Baboon@NoChimpsAllowed.org> wrote:
> And I think "Don" (if that was your real name,lol)
> does a pretty good job of keeping up with this stuff

I believe her real name is Donna.

-- 
Robert
GRC newsgroup tips - http://www.imilly.com/noregrets.htm
List of Lists - http://lists.gpick.com/
Privacy and Security - https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
0
Robert
9/11/2004 10:34:00 PM
Wandering aimlessly about grc.security, I heard Wolfen say:

> Robert wrote:
>> I.R.Baboon <I.R.Baboon@NoChimpsAllowed.org> wrote:
>> 
>>>> And I think "Don" (if that was your real name,lol)
>>>> does a pretty good job of keeping up with this stuff
>> 
>> I believe her real name is Donna.
> 
>   Yeah I Thought so :-) Thanks!

Donna is a MS-MVP for Windows Security from Macau. Her "Calendar of
Updates" at http://cou.dozleng.com is a handy reference tool...

-- 
Don

GRC Newsgroups/Guidelines/No Regrets
http://news.grc.com/news.exe?cmd=article&group=grc.techtalk&item=116183
0
Dutch
9/11/2004 11:10:00 PM
Dutch <me2@privacy.net> wrote in
news:199u5ggah8g7y.dlg@news.12078.net: 

> Wandering aimlessly about grc.security, I heard Wolfen say:
> 
>> Robert wrote:
>>> I.R.Baboon <I.R.Baboon@NoChimpsAllowed.org> wrote:
>>> 
>>>>> And I think "Don" (if that was your real name,lol)
>>>>> does a pretty good job of keeping up with this stuff
>>> 
>>> I believe her real name is Donna.
>> 
>>   Yeah I Thought so :-) Thanks!
> 
> Donna is a MS-MVP for Windows Security from Macau. Her
> "Calendar of Updates" at http://cou.dozleng.com is a handy
> reference tool... 
> 

....and also a weblog at: http://www.msmvps.com/donna/

-- 
Kayode Okeyode
http://www.kayodeok.co.uk/weblog/
http://www.kayodeok.btinternet.co.uk/favorites/webdesign.htm
0
kayodeok
9/11/2004 11:15:00 PM
Reply:

Similar Artilces:

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

Schneier on Security: Linux Security
Schneier on Security: Linux Security http://www.schneier.com/blog/archives/2005/01/linux_security.html *********************************************************** Quote *********************************************************** I'm a big fan of the Honeynet Project (and a member of their board of directors). They don't have a security product; they do security research. Basically, they wire computers up with sensors, put them on the Internet, and watch hackers attack them. They just released a report about the security of Linux: =====================================...

Linux security
I read this article, 'CommsDesign - Linux and Security: Mission Impossible?' (http://tinyurl.com/yjfnqqa) and it brings up some good points. With the kernel being at about 11 million lines of code, it is becoming unmanageable, and thereby more vulnerable. Anyway, I found it an interesting read. Don't think I agree with all his points. -- ' ' (http://thecompletecomputerresource.com/) ------------------------------------------------------------------------ Jonathan_R;2055270 Wrote: > I read this article, 'CommsDesign - Linux and Security: M...

F-Secure Readies Security Software For Linux
F-Secure Corp. on Tuesday unveiled security software for open-source Samba file servers and Linux, addressing a need that's growing within the enterprise market. The Finnish company announced the availability of antivirus software for Samba that automatically detects and removes viruses from files stored on the server. The new product is meant to protect all Samba-attached computers from malicious code that could enter the network from a Windows or Linux machine. Next month, F-Secure plans to ship a Linux version of F-Secure Policy Manager, which will extend centrally managed ...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...

Hewlett Packard Security Updater has serious security holes
</quot> Hewlett Packard faces a new security hazard as their Software Update Tool is found to have a fairly serious security hole. The double threat can lead to remote command execution or data leakage, both of which are huge issues for a company like Hewlett Packard. Since many people who may not be very technologically aware trust Hewlett Packard as a brand, they are more likely to have their updates set to automatic. This poses a real threat to their security, especially the remote access flaw. The offending piece of code is an Active-X module, specifically the HPeDia...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...

Web resources about - More big security holes in Linux - grc.security

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Bunbury man in court over child sex abuse images after US Homeland Security tip
A West Australian man who allegedly used his mobile phone to access and send child sexual abuse images is due to appear in court.

Bunbury man in court over child sex abuse images after US Homeland Security tip
A West Australian man who allegedly used his mobile phone to access and send child sexual abuse images is due to appear in court.

Bunbury man in court over child sex abuse images after US Homeland Security tip
A West Australian man who allegedly used his mobile phone to access and send child sexual abuse images is due to appear in court.

Distil Networks Acquires Swedish Security Firm ScrapeSentry
Distil Networks , the global leader in bot detection and mitigation, announced its acquisition of Swedish managed security services provider ...

Living the CES security farce
... Bluetooth controlled vibrators does one really need? No, what has me wondering is the big announcement ahead of CES about much tighter security ...

Security push could make New York a smartphone-free zone
Have you heard the one about the phone encryption bill in New York that will fine retailers $2,500 for each cell phone they sell that can’t be ...

Resources last updated: 1/15/2016 9:44:54 AM