[Dshield] Vulnerabilities in RSA ACE/Agent

Johannes B. Ullrich jullrich at euclidian.com
Tue Oct 23 21:40:35 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> Perhaps it might be of any interest what I just read on CERT Vulnerability
> Notes:
> RSA seems to have a problem with unicode chracters in URL's. This might open
> another door for our favored worm-kids.
> I wonder why RSA does not put anything on their website.

Sad for RSA not to react. AFAIK, the vulnerability could be serious.
However, I don't think it will evolve into a new worm. There are not that
many people running RSA and they probably are reasonable well administered
and will be upgraded once the fix is out. However, until that happens I
hope sites running this software will take care.

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE71ePVVOIizK5pIDMRAsbOAJ9ECapQeP6jij7d0eYvATnsQ4pcCQCgys6U
CbxK/oIBYw1n2h8Zlnaxu24=
=REsw
-----END PGP SIGNATURE-----




More information about the list mailing list