[Dshield] Vulnerabilities in RSA ACE/Agent
Johannes B. Ullrich
jullrich at euclidian.com
Tue Oct 23 21:40:35 GMT 2001
-----BEGIN PGP SIGNED MESSAGE-----
> Perhaps it might be of any interest what I just read on CERT Vulnerability
> RSA seems to have a problem with unicode chracters in URL's. This might open
> another door for our favored worm-kids.
> I wonder why RSA does not put anything on their website.
Sad for RSA not to react. AFAIK, the vulnerability could be serious.
However, I don't think it will evolve into a new worm. There are not that
many people running RSA and they probably are reasonable well administered
and will be upgraded once the fix is out. However, until that happens I
hope sites running this software will take care.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the list