<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Estimado Daniel<br>
<br>
La semana pasada enviaste una serie de consultas sobre un reporte
que hicieron los informáticos de tu universidad respecto al tema de
seguridad de la aplicación ABCD.<br>
En realidad los problemas no tienen nada que ver con ABCD, sino con
la instalación de Apache y el PHP que es tema de ellos mismos.<br>
El ABCD es totalmente invisible a esos problemas, y deberían ser
ellos quienen los solucionen<br>
Envio abajo respuestas a las preguntas enviadas<br>
saludos<br>
Ernesto Spinak<br>
<hr size="2" width="100%">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:HyphenationZone>21</w:HyphenationZone>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Configuración
de Apache brinda
información sobre versiones<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">Banner:
Apache/2.2.14 (Unix) PHP/5.2.12<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">A
través del banner en el puerto 80/TCP se pudo determinar
versiones de software
instalado un servidor. Esta información puede ser utilizada
por un atacante para
conocer la versión exacta de servicios/software instalado, de
forma de luego
poder realizar un ataque usando vulnerabilidades conocidas
para las mismas.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: esto se puede ocultar en la
configuración del Apache, no es
problema de la aplicación. <br>
En el httpd.conf <span style="mso-spacerun:yes"> </span>ServerSignature
Off<span style="mso-spacerun:yes"> </span>y ServerTokens
ProductOnly<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Carpetas
web navegables<o:p></o:p></span></span></p>
<p class="Style3"
style="margin-right:86.4pt;text-align:justify;line-height:normal;
mso-pagination:widow-orphan"><span class="FontStyle12"><u><span
style="font-size:
11.0pt;font-family:Verdana;mso-fareast-language:EN-US"><a class="moz-txt-link-freetext" href="http://XXX/central/">http://XXX/central/</a>
</span></u></span><span class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;
mso-ansi-language:ES-TRAD;mso-fareast-language:EN-US"
lang="ES-TRAD">Y sus subcarpetas.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">Si
bien por sí solo no representa una vulnerabilidad, debe
revisarse si es
necesaria esta configuración <o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: esto también es configuración del
Apache httpd.conf<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">Option All Indexes FollowSymLinks
Multiviews </span></span><span class="FontStyle12"><span
style="font-size:11.0pt;font-family:Wingdings;
mso-ascii-font-family:Verdana;mso-hansi-font-family:Verdana;color:blue;
mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD;mso-char-type:symbol;
mso-symbol-font-family:Wingdings" lang="ES-TRAD"><span
style="mso-char-type:symbol;mso-symbol-font-family:
Wingdings">deberia modificarse a:</span></span></span><span
class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">Option All FollowSymLinks MultiViews<span
style="mso-spacerun:yes">
</span>(o sea se elimina Indexes)<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">Se hace a nivel general o para cada
virtual host</span></span><span class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;
mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style4"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Versión
de apache con múltiples
vulnerabilidades<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">La
versión de apache instalada posee vulnerabilidades conocidas
que pueden
producir condiciones que van desde la denegación de servicio
en forma remota a
la divulgación de información.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">Mas
información: ver (CVE-2010-0434),(CVE-2010-0425),
(CVE-2010-0408),
(CVE-2009-3555), (CVE-2007-6750), (CVE-2010-2068),
(CVE-2010-1452),
(CVE-2010-1623), (CVE-2009-3720), (CVE-2009-3560),
(CVE-2011-0419),
(CVE-2011-3348)<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: eso es un problema de Apache, que
debería resolver el Centro de Informática poniendo
los parches, para eso les pagan el sueldo.</span></span><span
class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;mso-ansi-language:ES-TRAD;
mso-fareast-language:ES-TRAD" lang="ES-TRAD"><o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Verbos
soportados por el web server<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">El
servidor Apache soporta los verbos TRACK y TRACE, estos verbos
solo se utilizan
para propósitos de debug y no deberían estar habilitados.
Estos verbos podrían
utilizarse en ataques sofisticados para obtener información de
un cliente web,
por ejemplo sus credenciales de autenticación u otros datos
sensibles.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: que lo deshabiliten, no lo
precisamos para el ABCD<o:p></o:p></span></span></p>
<p class="Style2"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span style="font-size:10.0pt;font-family:Verdana"><o:p> </o:p></span></p>
<p class="Style2"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span style="font-size:10.0pt;font-family:Verdana"><o:p> </o:p></span></p>
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Versión
de PHP con múltiples
vulnerabilidades<o:p></o:p></span></span></p>
<p class="Style1"
style="line-height:normal;mso-pagination:widow-orphan"><span
class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;
mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">PHP/5.2.12<o:p></o:p></span></span></p>
<p class="Style1"
style="line-height:normal;mso-pagination:widow-orphan"><span
class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;
mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">La versión de PHP
instalada en el host es anterior a la 5.2.17.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">Las
versiones anteriores poseen múltiples vulnerabilidades
conocidas, muchas de
ellas con exploits públicos.<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: en ABCD se hará upgrade a PHP 5.3
(pero el problema no es de ABCD,
es del PHP)<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">La
configuración de PHP expone
información sensible<o:p></o:p></span></span></p>
<p class="Style1"
style="line-height:normal;mso-pagination:widow-orphan"><span
class="FontStyle12"><u><span
style="font-size:11.0pt;font-family:Verdana;
mso-fareast-language:EN-US"><a class="moz-txt-link-freetext" href="http://XXX/central/info.php">http://XXX/central/info.php</a><o:p></o:p></span></u></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">La
instalación en el host remoto, está configurada de forma tal
que permite la
divulgación de información potencialmente sensible para un
atacante. Esta
información puede accederse a través de una URL especial<span
style="mso-tab-count:
1"> </span><o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD">ES: que le cambien el nombre, sugiero<span
style="mso-spacerun:yes">
</span>pepitajimenez.php<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD"><o:p> </o:p></span></span></p>
<p class="Style2"
style="margin-left:18.0pt;text-align:justify;text-indent:-18.0pt;
line-height:normal;mso-pagination:widow-orphan;mso-list:l0 level1
lfo1;
tab-stops:list 18.0pt"><!--[if !supportLists]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Symbol;mso-fareast-font-family:
Symbol;mso-bidi-font-family:Symbol;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD;font-weight:normal;mso-bidi-font-weight:bold"
lang="ES-TRAD"><span style="mso-list:
Ignore">·<span style="font:7.0pt "Times New
Roman"">
</span></span></span></span><!--[endif]--><span
class="FontStyle11"><span
style="font-size:10.0pt;font-family:Verdana;mso-ansi-language:
ES-TRAD;mso-fareast-language:ES-TRAD" lang="ES-TRAD">Servicio
SSH publicado a Internet<o:p></o:p></span></span></p>
<p class="Style1"
style="line-height:normal;mso-pagination:widow-orphan"><span
class="FontStyle12"><span
style="font-size:11.0pt;font-family:Verdana;
mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">8022/TCP
/SSH-2.0-OpenSSH_4.7pl Debian-8ubuntu3
17192/SSH-2.0-OpenSSH_5.3pl
Deb¡an-3ubuntu4<o:p></o:p></span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><span class="FontStyle12"><span
style="font-size:11.0pt;
font-family:Verdana;mso-ansi-language:ES-TRAD;mso-fareast-language:ES-TRAD"
lang="ES-TRAD">Si
bien no pudo accederse en las pruebas realizadas, la
publicación de un servicio
de estas características a Internet no se considera una buena
práctica. Se pudo
determinar la versión del software instalado y realizar
intentos de conexión
con pruebas de autenticación por fuerza bruta<o:p></o:p></span></span></p>
<p class="Style4" style="text-align: justify; line-height: normal;"><span
class="FontStyle12"><span style="font-size: 11pt; font-family:
Verdana; color: blue;" lang="ES-TRAD">ES: esto no tiene que
ver con ABCD, alguien habilitó el SSH (se
sospecha de un informatico)</span></span></p>
<p class="Style4"
style="text-align:justify;line-height:normal;mso-pagination:
widow-orphan"><br>
<span class="FontStyle12"><span style="font-size:11.0pt;
font-family:Verdana;color:blue;mso-ansi-language:ES-TRAD;mso-fareast-language:
ES-TRAD" lang="ES-TRAD"><o:p></o:p></span></span></p>
<hr size="2" width="100%">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 11">
<meta name="Originator" content="Microsoft Word 11">
<link rel="File-List"
href="file:///C:%5CUsers%5Cusuario%5CAppData%5CLocal%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;
mso-font-charset:2;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:0 268435456 0 0 -2147483648 0;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-1593833729 1073750107 16 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-520092929 1073786111 9 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:none;
mso-layout-grid-align:none;
text-autospace:none;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
p.Style1, li.Style1, div.Style1
{mso-style-name:Style1;
margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
line-height:13.3pt;
mso-line-height-rule:exactly;
mso-pagination:none;
mso-layout-grid-align:none;
text-autospace:none;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
p.Style2, li.Style2, div.Style2
{mso-style-name:Style2;
margin:0cm;
margin-bottom:.0001pt;
line-height:13.55pt;
mso-line-height-rule:exactly;
mso-pagination:none;
mso-layout-grid-align:none;
text-autospace:none;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
p.Style3, li.Style3, div.Style3
{mso-style-name:Style3;
margin:0cm;
margin-bottom:.0001pt;
line-height:26.9pt;
mso-line-height-rule:exactly;
mso-pagination:none;
mso-layout-grid-align:none;
text-autospace:none;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
p.Style4, li.Style4, div.Style4
{mso-style-name:Style4;
margin:0cm;
margin-bottom:.0001pt;
line-height:13.4pt;
mso-line-height-rule:exactly;
mso-pagination:none;
mso-layout-grid-align:none;
text-autospace:none;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
span.FontStyle11
{mso-style-name:"Font Style11";
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:Calibri;
font-weight:bold;}
span.FontStyle12
{mso-style-name:"Font Style12";
mso-ansi-font-size:11.0pt;
mso-bidi-font-size:11.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:Calibri;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;
mso-header-margin:36.0pt;
mso-footer-margin:36.0pt;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:708721576;
mso-list-type:hybrid;
mso-list-template-ids:-193980424 201981953 201981955 201981957 201981953 201981955 201981957 201981953 201981955 201981957;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:18.0pt;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:54.0pt;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:90.0pt;
mso-level-number-position:left;
margin-left:90.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:162.0pt;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:198.0pt;
mso-level-number-position:left;
margin-left:198.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:234.0pt;
mso-level-number-position:left;
margin-left:234.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:270.0pt;
mso-level-number-position:left;
margin-left:270.0pt;
text-indent:-18.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:306.0pt;
mso-level-number-position:left;
margin-left:306.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style><br>
<br>
<br>
<pre class="moz-signature" cols="72">--
.^. .^.
( ) ( )
=== ===
=[=]================================[=]=
| | Ernesto Spinak | |
| | <a class="moz-txt-link-abbreviated" href="mailto:spinaker@adinet.com.uy">spinaker@adinet.com.uy</a> | |
| | Montevideo, Uruguay | |
| | tel/fax (598) 2622-3352 | |
| | celular (598) 99612238 | |
=[=]================================[=]=
=== ===
( ) ( )
V V </pre>
</body>
</html>