Firewall Wizards mailing list archives
RE: Looking for "lease based popper access"
From: Jan van Rensburg <devnull () epiuse com>
Date: Wed, 15 Dec 1999 16:33:43 +0200
that's correct. RSAREF has an exploitable problem (exploit code released yesterday for ssh-1.2.27). RSA no longer maintains the original freeware RSAREF. they do however give you permission to edit the code to fix this specific problem (according to the cert advisory). generally people outside of the USA don't have to worry, 'cause they're not linked against RSAREF. for once the USA crypto laws did serve a good purpose (unintentionally). see the latest bugtraq archives (http://www.securityfocus.com) for information on fixing the problem. --fungai
Yep all those aplications built with RSA are now exploitable, so, has a pacht been released that addresses this and allows folks to patch RSAREF then rebuild all the applications that use it?
Current thread:
- Re: Looking for "lease based popper access" Rodney van den Oever (Dec 13)
- Re: Looking for "lease based popper access" sedwards (Dec 13)
- RE: Looking for "lease based popper access" Dom De Vitto (Dec 17)
- <Possible follow-ups>
- RE: Looking for "lease based popper access" Jan van Rensburg (Dec 13)
- RE: Looking for "lease based popper access" R. DuFresne (Dec 14)
- RSAREF Patch Leonard Miyata (Dec 15)
- RSAREF bug issues (was Re: Looking for "lease based popper access") Bennett Todd (Dec 15)
- Re: RSAREF bug issues (was Re: Looking for "lease based popper access") R. DuFresne (Dec 17)
- RE: Looking for "lease based popper access" R. DuFresne (Dec 14)
- Re: Looking for "lease based popper access" sedwards (Dec 13)
- RE: Looking for "lease based popper access" Jan van Rensburg (Dec 15)
- Re: Looking for "lease based popper access" Steven M. Bellovin (Dec 15)