************************************************************************** Security Bulletin 9536 DISA Defense Communications System August 23, 1995 Published by: DISN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/disn-security-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/disn-security-95313131). ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -----BEGIN PGP SIGNED MESSAGE----- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 95-34 Release date: 21 August, 1995, 1:00 PM EDT (GMT -4) SUBJECT: Sendmail v.5 Vulnerability. SUMMARY: A a vulnerability exists in sendmail version 5, which is several years old. but still in use. The vulnerability is currently present in all versions of IDA sendmail and in some vendors releases of sendmail (vendors listed below in BACKGROUND). BACKGROUND: In sendmail version 5, there is a vulnerability that intruders can exploit to create files, append to existing files, or execute programs. Many vendors have previously installed upgrades or developed patches to address the problem; some are currently working on patch development. The following is a list of vendors and the status of their action on this matter. Source or Vendor Status - ---------------- -------------------------------------- Eric Allman sendmail 8.6.10 or later not vul. Apple Computer, Inc. upgrades to A/UX 3.1 and 3.1.1 not vul. Berkeley SW. Design BSD/OS 2.0 vulnerable - patch available BSD/OS 2.0.1 not vulnerable Cray Research, Inc. not vulnerable Digital Equipment Corp. not vulnerable if current with patches Harris Computer Systems not vulnerable Hewlett-Packard Company not vul. - see HP bulletin #25 IBM Corporation AIX 3.2 not vulnerable with patch AIX 4.1 not vulnerable NEC Corporation vulnerable - patches available NeXT Computer, Inc. vulnerable - patch is planned Open Software Foundation not vulnerable The Santa Cruz Operation vulnerable - patches available Silicon Graphics Inc. not vulnerable if current with patches Solbourne (Grumman) vulnerable - patch is planned Sun Microsystems, Inc. Solaris 2.x not vulnerable Sun OS 4.1.3, 4.1.37u1, & 4.1.4 vul., patch available soon Public domain Users of the public domain operating systems Linux (systems using sendmail rather than smail), NetBSD, and FreeBSD should upgrade to sendmail 8.6.12 If you do not see your vendor's name or if you have questions about the version of sendmail at your site, contact your vendor directly or ASSIST. IMPACT: Local and remote users can create files, append to existing files or run programs on the system. Exploitation can lead to unauthorized root access. RECOMMENDED SOLUTIONS: IDA users should convert to sendmail 8.6.12. Other users should check the vendor information in the appendix of this advisory. Ensure that you have kept current with upgrades and patches from your vendor. If no patch is currently available, an alternative is to install sendmail 8.6.12. sendmail Information - -------------------- Location - Sendmail is available by anonymous FTP from: ftp://ftp.cs.berkeley.edu/ucb/sendmail ftp://info.cert.org/pub/tools/sendmail/sendmail.8.6.12 ftp://auscert.org.au/pub/mirrors/ftp.cs.berkeley.edu/ucb/sendmail The checksums are: MD5 (sendmail.8.6.12.base.tar.Z) = 31591dfb0dacbe0a7e06147747a6ccea MD5 (sendmail.8.6.12.cf.tar.Z) = c60becd7628fad715df8f7e13dcf3cc6 MD5 (sendmail.8.6.12.misc.tar.Z) = 6212390ca0bb4b353e29521f1aab492f MD5 (sendmail.8.6.12.patch) = 10961687c087ef30920b13185eef41e8 MD5 (sendmail.8.6.12.xdoc.tar.Z) = 8b2252943f365f303b6302b71ef9a841 Additional security - ------------------- To restrict sendmail's program mailer facility, obtain and install the sendmail restricted shell program (smrsh) by Eric Allman (the original author of sendmail), following the directions included with the program. Copies of the smrsh program may be obtained via anonymous FTP from ftp://assist.mil/pub/tools/unix/smrsh.tar.Z ftp://info.cert.org/pub/tools/smrsh ftp://ftp.uu.net/pub/security/smrsh The checksums are: BSD Sum 30114 5 README 25757 2 smrsh.8 46786 5 smrsh.c System V Sum 56478 10 README 42281 4 smrsh.8 65517 9 smrsh.c MD5 Checksum MD5 (README) = fc4cf266288511099e44b664806a5594 MD5 (smrsh.8) = 35aeefba9714f251a3610c7b1714e355 MD5 (smrsh.c) = d4822ce7c273fc8b93c68e39ec67739c Note: Depending upon the currently installed sendmail program, switching to a different sendmail may require significant effort (such as rewriting the sendmail.cf file.) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST would like to thank the CERT Coordination Center for information contained in this bulletin. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), Center for Information Systems Security (CISS), that provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/ institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from assist.mil (IP address 199.211.123.11). Note: assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231, COMM 703-607-4700, DSN 327-4700. ELECTRONIC MAIL: assist@assist.mil. ASSIST BBS: COMM 703-607-4710, DSN 327-4710, leave a message for the "sysop". FAX: COMM 703-607-4735, DSN 607-4735 ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt, and through the world wide web from http://net-dist.mit.edu/pgp.html. In accordance with the terms of that license, PGP 2.6.2 may be used for non-commercial purposes only. Instructions for downloading the PGP 2.6.2 software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi4uZ40AAAEEAM1uraimCNeh5PtzX7KoGxC2u8uMTdl8V5sujk3MHbWvCuOM W0FqDy5s9iwfQLZWzJ7cbM6L0mNOj8eJGoz7TqGKZDDRFlKAwg0x8joleZLC2gXw FVdF/g6Mdv7ok7heoa+Y//YMeADnsSrmzqLCnhFbKYffww3EbdH6sbnW3Io9AAUR tB9BU1NJU1QgVGVhbSA8YXNzaXN0QGFzc2lzdC5taWw+iQCVAwUQL1xx7tH6sbnW 3Io9AQEBYwP9FvIJbnKjtMLUj8ghd6hophSx8WZnfQsOmZX/BbX8vKz1a5BkBn4q ANvW+uKGdUlE8LLMEm1PD59Cihcb3OoWDOU8zIOIErvry4eqa+LzEXV8nnBdes+A a1MCMGSz+K3OaP78lQ7JCGoY9TXTWIelfAdBVBG4VQcSQRn8tjRdG2e0KEFTU0lT VCBUZWFtIDxhc3Npc3RAYXNzaXN0Lmltcy5kaXNhLm1pbD6JAJUCBRAuLnHoh0Y9 0jC+b6kBAU0TA/4yXSL7K6tcfVm9ACnP4crCoutFM2w10e7YKxD850ajhWrh6rI9 O+sjU5WObqiPJ7sZHdEw/KARzPSijH/5h8HlyYa6ClksWxYuymzCsUYYJctdjcGr uakfXgYQ1TkkyUfNrN5G90NuRK/vTRe7bkmyGNYjN9Njac1Q18WVF59Chg== =d5rP - -----END PGP PUBLIC KEY BLOCK----- Appendix: Vendor Information Current as of August 17, 1995 Below is information from vendors about the vulnerability in sendmail version 5. - ------------- Eric Allman Sendmail 8.6.10 and later are not vulnerable. The current version is 8.6.12. Because the current version addresses vulnerabilities that appear in earlier versions, it is a good idea to use 8.6.12. Sendmail is available by anonymous FTP from ftp://ftp.cs.berkeley.edu/ucb/sendmail ftp://info.cert.org/pub/tools/sendmail/sendmail.8.6.12 ftp://auscert.org.au/pub/mirrors/ftp.cs.berkeley.edu/ucb/sendmail The checksums are MD5 (sendmail.8.6.12.base.tar.Z) = 31591dfb0dacbe0a7e06147747a6ccea MD5 (sendmail.8.6.12.cf.tar.Z) = c60becd7628fad715df8f7e13dcf3cc6 MD5 (sendmail.8.6.12.misc.tar.Z) = 6212390ca0bb4b353e29521f1aab492f MD5 (sendmail.8.6.12.patch) = 10961687c087ef30920b13185eef41e8 MD5 (sendmail.8.6.12.xdoc.tar.Z) = 8b2252943f365f303b6302b71ef9a841 - ------------- Apple Computer, Inc. [The following information also appeared in CERT advisory CA-95:05, "Sendmail Vulnerabilities."] An upgrade to A/UX version 3.1 (and 3.1.1) for these vulnerabilities is available. The upgrade replaces the sendmail binary with the 8.6.10 version. It is available via anonymous FTP from ftp.support.apple.: pub/apple_sw_updates/US/Unix/A_UX/supported/3.x/sendmail/ It is also available via anonymous FTP from abs.apple.com: pub/abs/aws95/patches/sendmail/ In both cases the compressed binary has the following signature: MD5 (sendmail.Z) = 31bb15604517630f46d7444a6cfab3f1 Uncompress(1) this file and replace the existing version in /usr/lib; be sure to preserve the hard links to /usr/ucb/newaliases and /usr/ucb/mailq, kill the running sendmail and restart. Earlier versions of A/UX are not supported by this patch. Users of previous versions are encouraged to update their system or compile the latest version of sendmail available from ftp.cs.berkeley.edu. Customers should contact their reseller for any additional information. - ------------- Berkeley Software Design, Inc. (BSDI) BSD/OS V2.0.1 is not vulnerable. BSD/OS V2.0 users should install patch U200-011, available from ftp.bsdi.com in bsdi/patches/U200-011. BSDI Support contact information: Phone: +1 719 536 9346 EMail: support@bsdi.com - ------------- Cray Research, Inc. not vulnerable - ------------- Digital Equipment Corp. A patch for SENDMAIL (ULTSENDMAIL_EO1044 & OSFSENDMAIL_E01032) has been available for some time, so if you have kept current with patches you are not vulnerable to this particular reported problem. If you have not applied the kits above, Digital Equipment Corporation strongly urges customers to upgrade to the latest versions of ULTRIX V4.4 or DIGITAL DEC OSF/1 V3.2, then apply the appropriate sendmail solution kit. The above kits can be obtained through your normal Digital support channels or by access (kit) request via DSNlink, DSIN, or DIA. - ------------- Grumman Systems Support Corporation (GSSC) GSSC now performs all Solbourne software and hardware support. We recommend running sendmail 8.6.10 (or later revision.) 8.6.12 has proven reliable in production use on Solbourne systems. We plan to release the Solbourne version of the Sun patch when it becomes available. Contact info: ftp: ftp.nts.gssc.com phone: 1-800-447-2861 email: support@nts.gssc.com - ------------- Harris Computer Systems not vulnerable - ------------- Hewlett-Packard Company Hewlett-Packard issued security bulletin #25 on April 2, 1995 announcing patches and describing a fix. The patches are PHNE_5402 (series 700/800, HP-UX 9.x), or PHNE_5401 (series 700/800, HP-UX 8.x), or PHNE_5384 (series 300/400, HP-UX 9.x), or PHNE_5383 (series 300/400, HP-UX 8.x), or PHNE_5387 (series 700, HP-UX 9.09), or PHNE_5388 (series 700, HP-UX 9.09+), or PHNE_5389 (series 800, HP-UX 9.08) The bulletin is available from the HP SupportLine and from http://www.hp.com in the HPSL category and from http://support.mayfield.hp.com. Patches may be obtained from HP via FTP (this is NOT anonymous FTP) or the HP SupportLine. To obtain HP security patches, you must first register with the HP SupportLine. The registration instructions are available via anonymous FTP at info.cert.org in the file "pub/vendors/hp/supportline_and_patch_retrieval". HP SupportLine: 1-415-691-3888 phone: 1-415-691-3680 telnet/ftp: support.mayfield.hp.com WWW: http://www.hp.com http://support.mayfield.hp.com. - ------------- IBM Corporation A patch (ptf U425863) has been available for AIX 3.2 for some time. To determine if you have this ptf on your system, run the following command: % lslpp -lB U425863 If you have not already applied the patch, you can order it from IBM as APAR ix40304 To order APARs from IBM in the U.S., call 1-800-237-5511. To obtain APARs outside of the U.S., contact your local IBM representative. - ------------- NEC Corporation OS Version Status - ------------- ------------ ------------------------------ EWS-UX/V(Rel4.0) R1.x - R6.x vulnerable EWS-UX/V(Rel4.2) R7.x - R10.x vulnerable patch available EWS-UX/V(Rel4.2MP) R10.x vulnerable patch available UP-UX/V R1.x - R4.x vulnerable UP-UX/V(Rel4.2MP) R5.x - R7.2 vulnerable patch available except for R5.x UX/4800 R11.x not vulnerable Contacts for further information: e-mail:UXcert-CT@d2.bsd.nes.nec.co.jp - ------------- NeXT Computer, Inc. The sendmail executables included with all versions of NEXTSTEP up to and including release 3.3 are vulnerable to this problem. The SendmailPatch previously released for NEXTSTEP 3.1 and 3.2 is also vulnerable. An updated patch is planned which will address this vulnerability. The availability of this patch will be indicated in the NeXTanswers section of http://www.next.com/. For further information you may contact NeXT's Technical Support Hotline at (+1-800-955-NeXT) or via email to ask_next@NeXT.com. - ------------- Open Software Foundation not vulnerable - ------------- The Santa Cruz Operation Support Level Supplement (SLS) net382e, contains a patched version of sendmail for the following releases: SCO TCP/IP Runtime System Release 1.2.1 SCO Open Desktop Lite Release 3.0 SCO Open Desktop Release 3.0 SCO Open Server Network System Release 3.0 SCO Open Server Enterprise System Release 3.0 SCO OpenServer 5 contains Sendmail version 8.6.8, and contains fixes to all problems reported in this and previous sendmail advisories. Users of previous releases should consider updating. NOTE: The MMDF (M)ulti-Channel (M)emorandum (D)istribution (F)acility is the default mail system on SCO systems. The MMDF mail system is not affected by any of the problems mentioned in these advisories. Administrators who wish to use sendmail must specifically configure the system to do so during or after installation. To acquire SLS net382e: Anonymous ftp on the Internet: ============================== ftp://ftp.sco.COM/SLS/net382e.Z (disk image) ftp://ftp.sco.COM/SLS/net382e.ltr.Z (documentation) Anonymous uucp: =============== United States: - -------------- sosco!/usr/spool/uucppublic/SLS/net382e.Z (disk image) sosco!/usr/spool/uucppublic/SLS/net382e.ltr.Z (documentation) United Kingdom: - --------------- scolon!/usr/spool/uucppublic/SLS/net382e.Z (disk image) scolon!/usr/spool/uucppublic/SLS/net382e.ltr.Z (documentation) The telephone numbers and login names for the machines sosco and scolon are provided with the default /usr/lib/uucp/Systems file shipped with every SCO system. The checksums for the files listed above are as follows: file sum -r md5 =========================== ================================ net382e.Z: 29715 1813 41efeaaa855e4716ed70c12018014092 net382e.ltr.Z 52213 14 287ba6131519cba351bc58cb32880fda The Support Level Supplement is also available on floppy media from SCO Support at the following telephone numbers: USA/Canada: 6am-5pm Pacific Daylight Time (PDT) - ----------- 1-408-425-4726 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific - ------------------------------------------------ Daylight Time (PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:00pm Greenwich Mean Time (GMT) - ---------------------------- +44 1923 816344 (voice) +44 1923 817781 (fax) For further information, contact SCO at one of the above numbers, send electronic mail to support@sco.COM, or see the SCO Web Page at: http://www.sco.COM. - ------------- Silicon Graphics Inc. On February 22, 1995, Silicon Graphics issued security advisory 19950201 addressing sendmail issues being raised at the time and previous older version sendmail issues. Patches are still available and as part of these patches, sendmail version 8.6.12 is provided as standard. At the time of this writing here is the patch information. **** IRIX 3.x **** Unfortunately, Silicon Graphics Inc, no longer supports the IRIX 3.x operating system and therefore has no patches or binaries to provide. However, two possible actions still remain: 1) upgrade the system to a supported version of IRIX (see below) and then install the binary/patch or 2) obtain the sendmail source code from anonymous FTP at ftp.cs.berkeley.edu and compile the program manually. **** IRIX 4.x **** For the IRIX operating system version 4.x, a manually installable binary replacement has been generated and made available via anonymous ftp and/or your service/support provider. The binary is sendmail.new.Z and is installable on all 4.x platforms. The SGI anonymous ftp site is ftp.sgi.com (192.48.153.1). The binary maybe be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/4.x ##### Checksums #### Filename: sendmail.new.Z Algorithm #1 (sum -r): 27178 422 sendmail.new.Z Algorithm #2 (sum): 46012 422 sendmail.new.Z MD5 checksum: 146DD1019673D7C2C89A78D7ACF85CF6 After obtaining the binary, it may be installed with the instructions below: 1) Become the root user on the system. % /bin/su - Password: # 2) Stop the current mail processes. # /etc/init.d/mail stop 3) Rename the current sendmail binary to a temporary name. # mv /usr/lib/sendmail /usr/lib/sendmail.stock 4) Change permissions on the old sendmail binary so it can not be used anymore. # chmod 0400 /usr/lib/sendmail.stock 5) Uncompress the binary. # uncompress /tmp/sendmail.new.Z 6) Put the new sendmail binary into place (in the example here the binary was retrieved via anonymous ftp and put in /tmp) # mv /tmp/sendmail.new /usr/lib/sendmail 7) Insure the correct permissions and ownership on the new sendmail. # chown root.sys /usr/lib/sendmail # chmod 4755 /usr/lib/sendmail 8) Restart the mail system with the new sendmail binary in place. # /etc/init.d/mail start 9) Return to normal user level. # exit **** IRIX 5.0.x, 5.1.x **** For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade to 5.2 or better is required first. When the upgrade is completed, then the patch described in the next section "**** IRIX 5.2, 5.3, 6.0, 6.0.1 ***" can be applied. **** IRIX 5.2, 5.3, 6.0, 6.0.1 **** For the IRIX operating system versions 5.2, 5.3, 6.0 and 6.0.1, an inst-able patch has been generated and made available via anonymous ftp and/or your service/support provider. The patch is number 332 and will install on IRIX 5.2, 5.3, 6.0 and 6.0.1 . The SGI anonymous ftp site is ftp.sgi.com (192.48.153.1). Patch 332 can be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/5.2 ~ftp/Patches/5.3 ~ftp/Patches/6.0 ~ftp/Patches/6.0.1 For obtaining security information, patches or assistance, please contact your SGI support provider. If there are questions about this patch information, email can be sent to cse-security-alert@csd.sgi.com . For reporting new SGI security issues, email can be sent to security-alert@sgi.com . - ------------- Solbourne see Grumman Systems Support Corporation - ------------- Sun Microsystems, Inc. Solaris 2.x is not vulnerable. Sun OS 4.1.3, 4.1.37u1, and 4.1.4 are vulnerable, and a patch will be available soon. This patch can be obtained from local Sun Answer Centers and through anonymous FTP from ftp.uu.net in the /systems/sun/sun-dist directory. In Europe, the patch is available from mcsun.eu.net (192.16.202.1) in the /sun/fixes directory. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMDi8Y9H6sbnW3Io9AQECowP8DB3hyj5dxtM6Dce2k6hEtdjy9gm+y5Zp aBIBDZWslGzxHVhW0L2qez8ECr7Q5y7dXgQDTNHnnIN/8mAgBZPg4ezKwVkhMTuP WG58eDqz0nrH6y0Sykja7ONw5FHVc2gni7wX3hpwZjhc++LvlkX8hM9eyPzdXyei U2dItWeSjoE= =zMiS -----END PGP SIGNATURE----- **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.