Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: ciacl116.txt

Lightweight Directory Access Protocol LDAP Vulnerabilities




             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

          Lightweight Directory Access Protocol (LDAP) Vulnerabilities
                           [CERT Advisory CA-2001-18]

July 18, 2001 19:00 GMT                                           Number L-116
[Revised August 6, 2001 - Used updated CERT Advisory]
______________________________________________________________________________
PROBLEM:       CERT advises there are vulnerabilities in several 
               implementations of Lightweight Directory Access Protocol 
               (LDAP). 
PLATFORM:      * iPlanet Directory Server, version 5.0 Beta and versions
                 up to and including 4.13 
               * IBM SecureWay V3.2.1 running under Solaris and Windows 2000 
               * Lotus Domino R5 Servers (Enterprise, Application, and Mail),
                 prior to 5.0.7a 
               * Teamware Office for Windows NT and Solaris, prior to 
                 version 5.3ed1 
               * Qualcomm Eudora WorldMail for Windows NT, version 2 
               * Microsoft Exchange 5.5 prior to Q303448 and Exchange 2000
                 prior to Q303450 
               * Network Associates PGP Keyserver 7.0, prior to Hotfix 2 
               * Oracle Internet Directory, versions 2.1.1.x and 3.0.1 
               * OpenLDAP, 1.x prior to 1.2.12 and 2.x prior to 2.0.8
DAMAGE:        Several implementations of the LDAP contain vulnerabilities 
               that may allow denial-of-service attacks, unauthorized 
               privileged access, or both, by remote users.
SOLUTION:      Follow guidelines for your system(s) as outlined in Appendix A 
               of this bulletin.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM to HIGH. Depending on the implementation of 
ASSESSMENT:    LDAP at your site. 
______________________________________________________________________________

[Update to L-116 - Oracle has announced a fix for their product.]

[******  Start CERT Advisory ******]

CERTŪ Advisory CA-2001-18 Multiple Vulnerabilities in Several Implementations
of the Lightweight Directory Access Protocol (LDAP)

Original release date: July 16, 2001
Last revised: July 27, 2001 14:03 EDT
Source: CERT/CC

A complete revision history can be found at the end of this file. 

Systems Affected

* iPlanet Directory Server, version 5.0 Beta and versions
  up to and including 4.13 
* IBM SecureWay V3.2.1 running under Solaris and Windows 2000 
* Lotus Domino R5 Servers (Enterprise, Application, and Mail),
  prior to 5.0.7a 
* Teamware Office for Windows NT and Solaris, prior to version 5.3ed1 
* Qualcomm Eudora WorldMail for Windows NT, version 2 
* Microsoft Exchange 5.5 prior to Q303448 and Exchange 2000
  prior to Q303450 
* Network Associates PGP Keyserver 7.0, prior to Hotfix 2 
* Oracle Internet Directory, versions 2.1.1.x and 3.0.1 
* OpenLDAP, 1.x prior to 1.2.12 and 2.x prior to 2.0.8

Overview

Several implementations of the Lightweight Directory Access Protocol (LDAP)
protocol contain vulnerabilities that may allow denial-of-service attacks, 
unauthorized privileged access, or both. If your site uses any of the
products listed in this advisory, the CERT/CC encourages you to follow
the advice provided in the Solution section below. 

I. Description

The LDAP protocol provides access to directories that support the X.500
directory semantics without requiring the additional resources of X.500. 
A directory is a collection of information such as names, addresses, 
access control lists, and cryptographic certificates. Because LDAP servers
are widely used in maintaining corporate contact information and providing
authentication services, any threats to their integrity or stability can
jeopardize the security of an organization. 

To test the security of protocols like LDAP, the PROTOS project presents
a server with a wide variety of sample packets containing unexpected 
values or illegally formatted data. This approach may reveal vulnerabilities
that would not manifest themselves under normal conditions. As a member of
the PROTOS project consortium, the Oulu University Secure Programming Group
(OUSPG) co-developed and subsequently used the PROTOS LDAPv3 test suite to
study several implementations of the LDAP protocol. 

The PROTOS LDAPv3 test suite is divided into two main sections: the
"Encoding" section, which tests an LDAP server's response to packets that
violate the Basic Encoding Rules (BER), and the "Application" section, 
which tests an LDAP server's response to packets that trigger LDAP-specific
application anomalies. Each section is further divided into "groups" that
collectively exercise a particular encoding or application feature. 
Finally, each group contains one or more "test cases," which represent
the network packets that are used to test individual exceptional conditions.

By applying the PROTOS LDAPv3 test suite to a variety of popular 
LDAP-enabled products, the OUSPG revealed the following vulnerabilities:

VU#276944 - iPlanet Directory Server contains multiple vulnerabilities in 
LDAP handling code 

The iPlanet Directory Server contains multiple vulnerabilities in the code
that processes LDAP requests.

In the encoding section of the test suite, this product had an
indeterminate number of failures in the group that tests invalid BER
length of length fields.

In the application section of the test suite, this product failed four
groups and had inconclusive results for an additional five groups. The 
four failed groups indicate the presence of buffer overflow 
vulnerabilities. For the inconclusive groups, the product exhibited
suspicious behavior while testing for format string vulnerabilities.

VU#505564 - IBM SecureWay Directory is vulnerable to denial-of-service
attacks via LDAP handling code 

The IBM SecureWay Directory server contains one or more buffer overflow
vulnerabilities in the code that processes LDAP requests. These 
vulnerabilities were discovered independently by IBM using the PROTOS
LDAPv3 test suite.

VU#583184 - Lotus Domino R5 Server Family contains multiple 
vulnerabilities in LDAP handling code 

The Lotus Domino R5 Server Family (including the Enterprise, Application,
and Mail servers) contains multiple vulnerabilities in the code that
processes LDAP requests. 

In the encoding section of the test suite, this product failed 1 of 
77 groups. The failed group tests a server's response to miscellaneous 
packets with semi-valid BER encodings. 

In the application section of the test suite, this product failed 23
of 77 groups. These results suggest that both buffer overflow and format
string vulnerabilities are likely to be present in a variety of 
application components. 

VU#688960 - Teamware Office contains multiple vulnerabilities in LDAP 
handling code 

The Teamware Office suite is packaged with a combination X.500/LDAP server
that provides directory services. Multiple versions of the Office product
contain vulnerabilities that cause the LDAP server to crash in response
to traffic sent by the PROTOS LDAPv3 test suite.

In the encoding section of the test suite, this product failed 9 of
16 groups involving invalid encodings for several BER object types.

In the application section of the test suite, this product failed 4
of 32 groups. The remaining 45 groups were not exercised during the test
runs. The four failed groups indicate the presence of buffer overflow
vulnerabilities. 

VU#717380 - Potential vulnerabilities in Qualcomm Eudora WorldMail
Server LDAP handling code 

While investigating the vulnerabilities reported by OUSPG, it was brought
to our attention that the Eudora WorldMail Server may contain 
vulnerabilities that can be triggered via the PROTOS test suite. The
CERT/CC has reported this possibility to Qualcomm and an investigation
is pending.

VU#763400 - Microsoft Exchange LDAP Service is vulnerable to 
denial-of-service attacks 

The LDAP Service components of Microsoft Exchange 5.5 and Exchange 2000
contain vulnerabilities that cause affected LDAP servers to freeze in
response to malformed LDAP requests generated by the PROTOS test suite.
This only affects the LDAP service; all other Exchange services, 
including mail handling, continue normally.

Although these products were not included in OUSPG's initial testing,
subsequent informal testing revealed that the LDAP service of Microsoft 
Exchange became unresponsive while processing test cases containing 
exceptional BER encodings for the LDAP filter type field.

VU#765256 - Network Associates PGP Keyserver contains multiple
vulnerabilities in LDAP handling code

The Network Associates PGP Keyserver 7.0 contains multiple 
vulnerabilities in the code that processes LDAP requests. 

In the encoding section of the test suite, this product failed 12 
of 16 groups. 

In the application section of the test suite, this product failed
1 of 77 groups. The failed group focused on out-of-bounds integer 
values for the messageID parameter. Due to a peculiarity of this 
test group, this failure may actually represent an encoding failure.

VU#869184 - Oracle Internet Directory contains multiple vulnerabilities
in LDAP handling code 

The Oracle Internet Directory server contains multiple vulnerabilities
in the code used to process LDAP requests. 

In the encoding section of the test suite, this product failed an
indeterminate number of test cases in the group that tests a server's
response to invalid encodings of BER OBJECT-IDENTIFIER values. 

In the application section of the test suite, this product failed 46
of 77 groups. These results suggest that both buffer overflow and format
string vulnerabilities are likely to be present in a variety of 
application components. 

VU#935800 - Multiple versions of OpenLDAP are vulnerable to 
denial-of-service attacks 

There are multiple vulnerabilities in the OpenLDAP implementations of the
LDAP protocol. These vulnerabilities exist in the code that translates
network datagrams into application-specific information. 

In the encoding section of the test suite, this product failed the group
that tests the handling of invalid BER length of length fields.

In the application section of the test suite, this product passed all
6685 test cases.

Additional Information

For the most up-to-date information regarding these vulnerabilities,
please visit the CERT/CC Vulnerability Notes Database at:

http://www.kb.cert.org/vuls/

Please note that the test results summarized above should not be
interpreted as a statement of overall software quality. However, the
CERT/CC does believe that these results are useful in describing the
characteristics of these vulnerabilities. For example, an application 
that fails multiple groups indicates that problems exist in different 
areas of the code, rather than in a specific code segment.

II. Impact

VU#276944 - iPlanet Directory Server contains multiple vulnerabilities
in LDAP handling code 

One or more of these vulnerabilities allow a remote attacker to execute
arbitrary code with the privileges of the Directory Server. The server 
typically runs with system privileges. At least one of these 
vulnerabilities has been successfully exploited in a laboratory 
environment under Windows NT 4.0, but they may affect other platforms 
as well.

VU#505564 - IBM SecureWay Directory is vulnerable to denial-of-service 
attacks via LDAP handling code 

These vulnerabilities allow a remote attacker to crash affected SecureWay
Directory servers, resulting in a denial-of-service condition. It is not
known at this time whether these vulnerabilities will allow a remote 
attacker to execute arbitrary code. These vulnerabilities exist on the
Solaris and Windows 2000 platforms but are not present under Windows NT,
AIX, and AIX with SSL.

VU#583184 - Lotus Domino R5 Server Family contains multiple 
vulnerabilities in LDAP handling code 

One or more of these vulnerabilities allow a remote attacker to execute
arbitrary code with the privileges of the Domino server. The server 
typically runs with system privileges. At least one of these 
vulnerabilities has been successfully exploited in a laboratory
environment. 

VU#688960 - Teamware Office contains multiple vulnerabilities in LDAP
handling code 

These vulnerabilities allow a remote attacker to crash affected Teamware
LDAP servers, resulting in a denial-of-service condition. They may also
allow a remote attacker to execute arbitrary code with the privileges 
of the Teamware server. The server typically runs with system privileges.

VU#717380 - Potential vulnerabilities in Qualcomm Eudora WorldMail
Server LDAP handling code 

The CERT/CC has not yet determined the impact of this vulnerability.

VU#763400 - Microsoft Exchange LDAP Service is vulnerable to 
denial-of-service attacks 

These vulnerabilities allow a remote attacker to crash the LDAP component
of vulnerable Exchange 5.5 and Exchange 2000 servers, resulting in a 
denial-of-service condition within the LDAP component. 

VU#765256 - Network Associates PGP Keyserver contains multiple 
vulnerabilities in LDAP handling code 

One or more of these vulnerabilities allow a remote attacker to execute
arbitrary code with the privileges of the Keyserver. The server typically
runs with system privileges. At least one of these vulnerabilities has 
been successfully exploited in a laboratory environment.

VU#869184 - Oracle Internet Directory contains multiple vulnerabilities
in LDAP handling code 

One or more of these vulnerabilities allow a remote attacker to execute
arbitrary code with the privileges of the Oracle server. The server 
typically runs with system privileges. At least one of these vulnerabilities
has been successfully exploited in a laboratory environment. 

VU#935800 - Multiple versions of OpenLDAP are vulnerable to 
denial-of-service attacks 

These vulnerabilities allow a remote attacker to crash affected OpenLDAP
servers, resulting in a denial-of-service condition.

III. Solution

Apply a patch from your vendor

Appendix A contains information provided by vendors for this advisory.
Please consult this appendix to determine if you need to contact your
vendor directly.

Block access to directory services at network perimeter

As a temporary measure, it is possible to limit the scope of these
vulnerabilities by blocking access to directory services at the network
perimeter. Please note that this workaround does not protect vulnerable
products from internal attacks.

ldap    389/tcp     # Lightweight Directory Access Protocol 
ldap    389/udp     # Lightweight Directory Access Protocol 
ldaps   636/tcp     # ldap protocol over TLS/SSL (was sldap) 
ldaps   636/udp     # ldap protocol over TLS/SSL (was sldap)

Appendix A. - Vendor Information

This appendix contains information provided by vendors for this advisory. 
As vendors report new information to the CERT/CC, we will update this 
section and note the changes in our revision history. If a particular 
vendor is not listed below, we have not received their comments.

IBM Corporation

IBM and Tivoli are currently investigating the details of the 
vulnerabilities in the various versions of the SecureWay product family. 

Fixes are being implemented as these details become known. 

Fixes will be posted to the download sites (IBM or Tivoli) for the 
affected platform. See http://www-1.ibm.com/support under "Server Downloads"
or "Software Downloads" for links to the fix distribution sites.

[CERT/CC Addendum: IBM has provided the following details regarding
these vulnerabilities:] 

Platform         Failed Test Cases(index#/category)       Failure Symptoms

Solaris          #136/E0 encoding exception-invalid       Server crash
                 encodings for L field of BER
                 encoding.

Solaris          #6119/O7 application exception           Server crash
                 -large number of continuous
                 attributes offered to attribute
                 field.

Windows 2000     #452/E0 encoding exception               Server crash
                 -invalid encodings for L
                 field of BER encoding.

Windows 2000     #5554/O4 application exception-          Server crash
                 large number of continuous
                 initial substring offered to
                 substring filter.

iPlanet E-Commerce Solutions

iPlanet is aware of the weakness identified in the CERT Alert CA-2001-18,
regarding implementations of LDAP. The notice describes how different vendors
handle conditions outside of the normal operating environment. 

It is important to note that the notice does not present a technique to defeat
information security, gain unauthorized access or affect data integrity. At this
time, iPlanet is not aware of ANY successful breach of security using the 
information in the CERT Advisory. 

The iPlanet Directory Server 5.0 released in May 2001 is not affected. 
iPlanet Directory Server 4.1.4 and earlier version are known to be affected. 
However, iPlanet has developed a fix included in iPlanet Directory Server 4.1.5
and is scheduled to ship within two weeks (on August 3, 2001). Alternatively, 
customers may choose to upgrade to iPlanet Directory Server 5.0

iPlanet customers with questions on this advisory are requested to contact 
iPlanet Technical Support who will provide full support and up-to-date information.

[CERT/CC Addendum: This statement can also be found at 
http://www.iplanet.com/products/platform_layer/cert_alert_ca200118.html ]

Lotus Development Corporation

Lotus reproduced the problem as reported by OUSPG and documented it in 
SPR#DWUU4W6NC8. 

Lotus responded quickly to resolve the problem in a maintenance update to Domino.
It was addressed in Domino R5.0.7a, which was released on May 18th, 2001. This
release can be downloaded from Notes.net at

http://www.notes.net/qmrdown.nsf/qmrwelcome.

The fix is documented in the fix list at

http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8

Microsoft Corporation

Microsoft is developing a hotfix for this issue which will be available shortly.

Customers can obtain this hotfix by contacting Product Support Services at no
charge and asking for Q303448 and Q303450. Information on contacting Microsoft
Product Support Services can be found at

http://www.microsoft.com/support/

[CERT/CC Addendum: The CERT/CC has confirmed that Microsoft Active Directory
for Windows 2000 was tested with the PROTOS LDAPv3 test suite and did not 
exhibit any failures or suspicious behavior. Please note that this product 
has only been tested under one of several combinations of operating system 
and processor architecture, so it is possible that applying the PROTOS LDAPv3
test suite to one of the untested configurations may reveal additional 
vulnerabilities.]

Network Associates, Inc.

Network Associates has resolved these vulnerabilities in Hotfix 2 for both
Solaris and Windows NT. All Network Associates Enterprise Support customers
have been notified and have been provided access to the Hotfix.

This Hotfix can be downloaded at

http://www.pgp.com/downloads/default.asp

Novell, Inc.

[CERT/CC Addendum: The CERT/CC has confirmed that Novell NDS eDirectory 8.5
for Windows NT 4.0 was tested with the PROTOS LDAPv3 test suite and did not 
exhibit any failures or suspicious behavior. Please note that this product 
has only been tested under one of several combinations of operating system 
and processor architecture, so it is possible that applying the PROTOS LDAPv3
test suite to one of the untested configurations may reveal additional 
vulnerabilities.]

The OpenLDAP Project

[CERT/CC Addendum: To address these vulnerabilities, the OpenLDAP Project has
released OpenLDAP 1.2.12 for use in LDAPv2 environments and OpenLDAP 2.0.8 
for use in LDAPv3 environments. The CERT/CC recommends that users of OpenLDAP
contact their software vendor or obtain the latest version, available at 
http://www.openLDAP.org/software/download/.]

Oracle Corporation

Oracle has prepared a Solaris-based patch set for Oracle Internet Directory
versions 2.1.1.x and 3.0.1. These patches were made available on July 17, 2001
to Oracle Internet Directory customers via the Oracle MetaLink 
(http://metalink.oracle.com/) system.

Please visit Oracle Technology Network at 
http://otn.oracle.com/deploy/security/alerts.htm for details on workarounds
and patch availability information for the potential buffer overflow 
vulnerabilities discovered in Oracle Internet Directory.

QUALCOMM Incorporated

The LDAP service in WorldMail may be vulnerable to this exploit, but our tests
so far have been inconclusive. At this time, we strongly urge all WorldMail 
customers to ensure that the LDAP service is not accessible from outside their 
organization nor by untrusted users.

The Teamware Group

An issue has been discovered with Teamware Office Enterprise Directory 
(LDAP server) that shows a abnormal termination or loop when the LDAP server 
encounters a maliciously or incorrectly created LDAP request data.

If the maliciously formatted LDAP request data is requested, the LDAP server 
may excessively copy the LDAP request data to the stack area.

This overflow is likely to cause execution of malicious code. In other case, 
the LDAP server may go into abnormal termination or infinite loop.

[CERT/CC Addendum: Teamware has provided additional documentation of these 
issues in their "Teamware Solution Database," available at 
http://support.teamw.com/Online/s_database1.shtml. Registered users can find 
information on these vulnerabilities by searching for document #010703-0000 
for Windows NT or document #010703-0001 for Solaris.]

Appendix B. - Supplemental Information

The PROTOS Project

The PROTOS project is a research partnership between the University of Oulu 
and VTT Electronics, an independent research organization owned by the Finnish
government. The project studies methods by which protocol implementations can
be tested for information security defects.

Although the vulnerabilities discussed in this advisory relate specifically 
to the LDAP protocol, the methodology used to research, develop, and deploy
the PROTOS LDAPv3 test suite can be applied to any communications protocol.

For more information on the PROTOS project and its collection of test suites,
please visit

http://www.ee.oulu.fi/research/ouspg/protos/
 
ASN.1 and the BER

Abstract Syntax Notation One (ASN.1) is a flexible notation that allows one 
to define a variety data types. The Basic Encoding Rules (BER) describe how to
represent or encode the values of each ASN.1 type as a string of octets. This 
allow programmers to encode and decode data for platform-independent transmission
over a network. 

References

The following is a list of URLs referenced in this advisory as well as other
useful sources of information:

http://www.cert.org/advisories/CA-2001-18.html 
http://www.ietf.org/rfc/rfc2116.txt 
http://www.ietf.org/rfc/rfc2251.txt 
http://www.ietf.org/rfc/rfc2252.txt 
http://www.ietf.org/rfc/rfc2253.txt 
http://www.ietf.org/rfc/rfc2254.txt 
http://www.ietf.org/rfc/rfc2255.txt 
http://www.ietf.org/rfc/rfc2256.txt 
http://www.ee.oulu.fi/research/ouspg/protos/ 
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ 
http://www.kb.cert.org/vuls/ 
http://www.kb.cert.org/vuls/id/276944 
http://www.kb.cert.org/vuls/id/505564 
http://www.kb.cert.org/vuls/id/583184 
http://www.kb.cert.org/vuls/id/688960 
http://www.kb.cert.org/vuls/id/717380 
http://www.kb.cert.org/vuls/id/763400 
http://www.kb.cert.org/vuls/id/765256 
http://www.kb.cert.org/vuls/id/869184 
http://www.kb.cert.org/vuls/id/935800 

--------------------------------------------------------------------------------

The CERT Coordination Center thanks the Oulu University Secure Programming Group
for reporting these vulnerabilities to us, for their detailed technical 
analyses, and for their assistance in preparing this advisory. We also thank the
many vendors who provided feedback regarding their respective vulnerabilities.

--------------------------------------------------------------------------------

Authors: Jeffrey P. Lanza and Cory F. Cohen. Feedback on this advisory is greatly
appreciated. 



--------------------------------------------------------------------------------
This document is available from: http://www.cert.org/advisories/CA-2001-18.html 

[******  End CERT Advisory ******]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of CERT for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Center, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

L-106: Cisco IOS HTTP Authorization Vulnerability
L-107: Microsoft Authentication Error in SMTP Service
L-108: Oracle 8i TNS Listener Vulnerability
L-109: VPN-1/FireWall-1 RDP Communication Vulnerability
L-110: HP Open View Event Correlation Services Vulnerability
L-111: FreeBSD Signal Handling Flaw
L-112: Cisco SN 5420 Storage Routers Vulnerabilities
L-113: Microsoft Outlook View Control Exposes Unsafe Functionality
L-114: Hewlett-Packard login Vulnerability
L-115: Hewlett-Packard dlkm Vulnerability







TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH