[20454] in bugtraq
Re: OpenSSL-0.9.6a has security fixes
daemon@ATHENA.MIT.EDU (Ariel Waissbein)
Thu Apr 26 03:11:42 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3AE70975.F9B60B6F@core-sdi.com>
Date: Wed, 25 Apr 2001 15:33:13 -0300
Reply-To: Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
From: Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
There seems to be an typo in the following post. It is RSA and not DSA.
The source, OpenSSL's webpage, has the same typo. Refer to
http://www.securityfocus.com/bid/2344
(or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).
Daniel Bleichenbacher's webpage at Bell is
http://www.bell-labs.com/user/bleichen/bib.html
Jim Knoble wrote:
>
> This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
[snip]
> - Security fix: prevent Bleichenbacher's DSA attack.
it should be Bleichenbacher's RSA attack and not DSA
[snip]
> Complete text of the announcement available at:
>
> http://www.openssl.org/news/announce.html
>
> --
> jim knoble | jmknoble@jmknoble.cx | http://www.jmknoble.cx/
> (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
regards,
Ariel Waissbein
--
===========[ CORE Seguridad de la Informacion S.A. ]=========
Ariel Waissbein
Researcher - Corelabs
email : ariel_waissbein@core-sdi.com
http://www.core-sdi.com
=========================================================
I was scared. Petrified. Because (x) hearing voices isn't like
catching a cold, you can't get rid of it with lemmon tea (y)
it's inside, it is not some naevus, an epidermal blemish you
can cover up or cauterise (z) I had no control over it. It was
there of its own volition, just stopped in and (zz) I was going
bananas.
-Tibor Fischer ``The Thought Gang"
--- For a personal reply use wata@core-sdi.com
