Hi Harry,
We have an rsa key generator tool to produce a new rsa key for xrdp server
usage.
You can use it to reproduce a new unique key.
Idan Freiberg
On Aug 18, 2014 8:59 PM, "Harry Johnston [via XRDP Devel]" <
ml-node+s766250n4025659...@n3.nabble.com> wrote:
> Hi,
>
> I'm concerned that a number of web sites wrongly claim or imply that the
> vulnerability described in CVE-2005-1794 doesn't apply to xrdp, e.g., see
>
> http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1794.html
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2005-1794
>
> (As a result of this misinformation, we almost dismissed the report from
> our vulnerability scanner as a false positive. There are of course many
> situations in which this vulnerability is not a problem, and in fact we're
> considering it a low priority, but in some environments this could have
> been a serious oversight.)
>
> The descriptions of this CVE on sites like Mitre, Secunia, etc., generally
> make no mention of xrdp either way, but the way the vulnerability is
> described could easily lead people to assume that it does not apply to xrdp.
>
> I'm intending to discuss this with some of the relevant organizations,
> with the intent of either adding references to xrdp to the most prominent
> online sources or perhaps issuing a new CVE; I'm not sure what the
> precedent is in cases like this. However, I thought I should discuss it
> with you first, in case you wanted to coordinate, or be CC'd in, or
> whatever.
>
> Thoughts?
>
> Harry.
>
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> xrdp-devel mailing list
> [hidden email] <http://user/SendEmail.jtp?type=node&node=4025659&i=0>
> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://xrdp-devel.766250.n3.nabble.com/Xrdp-devel-CVE-2005-1794-tp4025659.html
> To start a new topic under XRDP Devel, email
> ml-node+s766250n76625...@n3.nabble.com
> To unsubscribe from XRDP Devel, click here
> <http://xrdp-devel.766250.n3.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=766250&code=c3BlaWR5QGdtYWlsLmNvbXw3NjYyNTB8MTQyNDIyNzM0OQ==>
> .
> NAML
> <http://xrdp-devel.766250.n3.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
--
View this message in context:
http://xrdp-devel.766250.n3.nabble.com/Re-Xrdp-devel-CVE-2005-1794-tp4025662.html
Sent from the XRDP Devel mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
