Re: OpenSSL-0.9.6a has security fixes

From: Ariel Waissbein (core.lists.bugtraq@CORE-SDI.COM)
Date: Wed Apr 25 2001 - 20:33:13 CEST

  • Next message: Markus Friedl: "Re: OpenSSL-0.9.6a has security fixes"

    There seems to be an typo in the following post. It is RSA and not DSA.
    The source, OpenSSL's webpage, has the same typo. Refer to
    http://www.securityfocus.com/bid/2344
    (or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).

    Daniel Bleichenbacher's webpage at Bell is
    http://www.bell-labs.com/user/bleichen/bib.html

    Jim Knoble wrote:
    >
    > This doesn't seem to have been announced here: OpenSSL-0.9.6a appears

    [snip]

    > - Security fix: prevent Bleichenbacher's DSA attack.

    it should be Bleichenbacher's RSA attack and not DSA

    [snip]

    > Complete text of the announcement available at:
    >
    > http://www.openssl.org/news/announce.html
    >
    > --
    > jim knoble | jmknoble@jmknoble.cx | http://www.jmknoble.cx/
    > (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
    >
    > ------------------------------------------------------------------------
    > Part 1.2Type: application/pgp-signature

    regards,
     Ariel Waissbein

    --
    ===========[ CORE Seguridad de la Informacion S.A. ]=========
    Ariel Waissbein
    Researcher - Corelabs
    

    email : ariel_waissbein@core-sdi.com http://www.core-sdi.com =========================================================

    I was scared. Petrified. Because (x) hearing voices isn't like catching a cold, you can't get rid of it with lemmon tea (y) it's inside, it is not some naevus, an epidermal blemish you can cover up or cauterise (z) I had no control over it. It was there of its own volition, just stopped in and (zz) I was going bananas. -Tibor Fischer ``The Thought Gang"

    --- For a personal reply use wata@core-sdi.com



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 22:03:51 CEST