[Dshield] Vulnerabilities in RSA ACE/Agent

David Kennedy CISSP david.kennedy at acm.org
Thu Oct 25 05:29:07 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----

At 07:02 PM 10/23/01 +0200, NetWatch wrote:
>Perhaps it might be of any interest what I just read on CERT
>Vulnerability Notes:
> 
>RSA seems to have a problem with unicode chracters in URL's. This
>might open another door for our favored worm-kids.
> 
>I wonder why RSA does not put anything on their website. 

Could be because they e-mailed their customers:

>From: securcare_note at rsasecurity.com
>To: dkennedy at trusecure.com
>Date: Wed Jul 25 17:00:04 EDT 2001
>Subject: SecurCare Alert: Vulnerabilities Discovered and Fixed inRSA
>ACE/Agent for Windows NT and Windows 2000 Reply-To:
>securcare_online at rsasecurity.com
>
>
>Dear RSA SecurCare Online customer: 
>RSA Security Bulletin
>
>Vulnerabilities Discovered and Fixed in RSA ACE/Agent for Windows NT
>and RSA ACE/Agent for Windows 2000 when used to protect Microsoft
>IIS files and directories.
>July 25, 2001
>
>


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: hacker=cybercriminal--the definition changed; get over it

iQCVAwUBO9ejIPGfiIQsciJtAQGTtQP+Jq+dXHYLj4uW1J27opKJAHBw1FgItTwp
8ayHDD6M32oxnSMMFmhzHFNvBRdxNGz8xpnL7deBjPiDbNXdhoTDoKuptFhC34kJ
KD4Wv0vT0pHsopX0fD8kBiVvgEzyr6Y9It2sK7al1qO+jeQu3OHT78D0veBWC5If
H6EKAuaIvEE=
=S8ey
-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.




More information about the list mailing list