6412480 2001-04-24 15:40 -0400  /30 lines/ Jim Knoble <jmknoble@JMKNOBLE.CX>
Sent by: joel@lysator.liu.se
Imported: 2001-04-25 17:50 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: jmknoble@jmknoble.cx
Recipient: Bugtraq (import) <16766>
Subject: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
to have been released somewhat quietly, and also appears to include
several security fixes:

  - Security fix: change behavior of OpenSSL to avoid using
    environment variables when running as root.
  - Security fix: check the result of RSA-CRT to reduce the
    possibility of deducing the private key from an incorrectly
    calculated signature.
  - Security fix: prevent Bleichenbacher's DSA attack.
  - Security fix: Zero the premaster secret after deriving the
    master secret in DH ciphersuites.

Also:

  We consider OpenSSL 0.9.6a to be the best version of OpenSSL
  available and we strongly recommend that users of older versions,
  especially of old SSLeay versions, upgrade as soon as possible.

Complete text of the announcement available at:

  http://www.openssl.org/news/announce.html

--
jim knoble | jmknoble@jmknoble.cx | http://www.jmknoble.cx/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
(6412480) /Jim Knoble <jmknoble@JMKNOBLE.CX>/(Reformatted)
Attachment (application/pgp-signature) in text 6412481

6412481 2001-04-24 15:40 -0400  /10 lines/ Jim Knoble <jmknoble@JMKNOBLE.CX>
Imported: 2001-04-25 17:50 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: jmknoble@jmknoble.cx
Recipient: Bugtraq (import) <16767>
Attachment (text/plain) to text 6412480
Subject: Attachment to: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
(6412481) /Jim Knoble <jmknoble@JMKNOBLE.CX>/-------

6414625 2001-04-25 15:33 -0300  /58 lines/ Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-04-26 08:59 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: core.lists.bugtraq@CORE-SDI.COM
Recipient: Bugtraq (import) <16791>
Subject: Re: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
From: Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <3AE70975.F9B60B6F@core-sdi.com>

There seems to be a typo in the following post. It is RSA and not DSA.
The source, OpenSSL's webpage, has the same typo. Refer to
http://www.securityfocus.com/bid/2344
(or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).

Daniel Bleichenbacher's webpage at Bell is
http://www.bell-labs.com/user/bleichen/bib.html

Jim Knoble wrote:
>
> This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
[snip]
>   - Security fix: prevent Bleichenbacher's DSA attack.

it should be Bleichenbacher's RSA attack and not DSA

[snip]
> Complete text of the announcement available at:
>
>   http://www.openssl.org/news/announce.html
>
> --
> jim knoble | jmknoble@jmknoble.cx | http://www.jmknoble.cx/
> (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
>
> ------------------------------------------------------------------------
> Part 1.2  Type: application/pgp-signature

regards,
Ariel Waissbein

--
===========[ CORE Seguridad de la Informacion S.A. ]=========
Ariel Waissbein
Researcher - Corelabs
email : ariel_waissbein@core-sdi.com
http://www.core-sdi.com
=========================================================
I was scared. Petrified. Because (x) hearing voices isn't like
catching a cold, you can't get rid of it with lemon tea (y) it's
inside, it is not some naevus, an epidermal blemish you can cover
up or cauterise (z) I had no control over it. It was there of its
own volition, just stopped in and (zz) I was going bananas.
                 -Tibor Fischer ``The Thought Gang"

--- For a personal reply use wata@core-sdi.com
(6414625) /Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>/(Reformatted)
Comment in text 6418174 by Markus Friedl <Markus_Friedl@GENUA.DE>
Comment in text 6418276 by Dan Riley <dsr@MAIL.LNS.CORNELL.EDU>

6418174 2001-04-26 09:10 +0200  /28 lines/ Markus Friedl <Markus_Friedl@GENUA.DE>
Sent by: joel@lysator.liu.se
Imported: 2001-04-26 18:47 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: Markus_Friedl@GENUA.DE
Recipient: Bugtraq (import) <16798>
Comment to text 6414625 by Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
Subject: Re: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
From: Markus Friedl <Markus_Friedl@GENUA.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010426091014.A2571@quin.genua.de>

On Wed, Apr 25, 2001 at 03:33:13PM -0300, Ariel Waissbein wrote:
> There seems to be a typo in the following post. It is RSA and not DSA.

no, it's DSA not RSA, it's not a typo. Bleichenbacher has
discovered both attacks on RSA and on DSA:
  http://www.lucent.com/press/0201/010205.bla.html

> The source, OpenSSL's webpage, has the same typo. Refer to

no.

> >   - Security fix: prevent Bleichenbacher's DSA attack.
>
> it should be Bleichenbacher's RSA attack and not DSA

just look at the code.

cheers, -markus
(6418174) /Markus Friedl <Markus_Friedl@GENUA.DE>/--

6418276 2001-04-26 11:06 -0400  /32 lines/ Dan Riley <dsr@MAIL.LNS.CORNELL.EDU>
Sent by: joel@lysator.liu.se
Imported: 2001-04-26 19:34 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: dsr@MAIL.LNS.CORNELL.EDU
Recipient: Bugtraq (import) <16802>
Comment to text 6414625 by Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
Subject: Re: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
From: Dan Riley <dsr@MAIL.LNS.CORNELL.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <shvgnrk8ej.fsf@lns130.lns.cornell.edu>

Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM> writes:
> There seems to be a typo in the following post. It is RSA and not DSA.
> The source, OpenSSL's webpage, has the same typo. Refer to
> http://www.securityfocus.com/bid/2344
> (or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).
[...]
> Jim Knoble wrote:
> > This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
> [snip]
> >   - Security fix: prevent Bleichenbacher's DSA attack.
>
> it should be Bleichenbacher's RSA attack and not DSA

Bleichenbacher did find a theoretical (but not very practical to
exploit) bias in the DSA recommended method of selecting k [1], and
that bias is fixed in OpenSSL-0.9.6a:

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to
     prevent Bleichenbacher's DSA attack.

[1] http://www.infoworld.com/articles/hn/xml/01/02/05/010205hndsa.xml
    http://www.mail-archive.com/coderpunks@toad.com/msg04228.html

--
Dan Riley                                 dsr@mail.lns.cornell.edu
Wilson Lab, Cornell University
<URL:http://www.lns.cornell.edu/~dsr/>
"History teaches us that days like this are best spent in bed"
(6418276) /Dan Riley <dsr@MAIL.LNS.CORNELL.EDU>/----

6419469 2001-04-26 13:08 -0400  /24 lines/ Steven M. Bellovin <smb@RESEARCH.ATT.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-04-27 07:24 by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: smb@RESEARCH.ATT.COM
Recipient: Bugtraq (import) <16810>
Subject: Re: OpenSSL-0.9.6a has security fixes
------------------------------------------------------------
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010426170818.55EB37B7D@berkshire.research.att.com>

In message <3AE70975.F9B60B6F@core-sdi.com>, Ariel Waissbein writes:
>There seems to be a typo in the following post. It is RSA and not DSA.
>The source, OpenSSL's webpage, has the same typo. Refer to
>http://www.securityfocus.com/bid/2344
>(or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).
>
>Daniel Bleichenbacher's webpage at Bell is
>http://www.bell-labs.com/user/bleichen/bib.html

Hmm -- Bleichenbacher has found a flaw in DSA, too; see
http://www.lucent.com/press/0201/010205.bla.html. Last time I spoke
with him, the full technical paper was not yet available; it's
supposed to be presented next month at EUROCRYPT. But I have no idea
if OpenSSL has actually fixed that problem...

		--Steve Bellovin, http://www.research.att.com/~smb
(6419469) /Steven M. Bellovin <smb@RESEARCH.ATT.COM>/(Reformatted)
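
Added example, not part of the thread and not OpenSSL's code: the bias in selecting k that Dan Riley's message (6418276) mentions, shown exactly on toy numbers. It assumes the bias comes from reducing a fixed-width random value modulo q and contrasts that with rejection sampling; the 8-bit size, q = 193 and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy parameters; real DSA uses a 160-bit prime q. */
#define TOY_BITS 8u
#define TOY_Q    193u               /* prime, 2^7 < q < 2^8 */
#define TOY_RAW  (1u << TOY_BITS)   /* number of equally likely raw values */

/* Biased: reduce a TOY_BITS-bit random value modulo q. */
static unsigned k_mod_reduce(unsigned raw) { return raw % TOY_Q; }

/* Uniform: accept raw only if it already lies in [0, q); otherwise the
 * caller draws a fresh value (rejection sampling). Returns 1 on accept.
 * A real signer would also reject k == 0. */
static int k_reject_sample(unsigned raw, unsigned *k) {
    if (raw >= TOY_Q) return 0;
    *k = raw;
    return 1;
}

/* Feed every possible raw value through one method and count how often
 * each k results; this gives the exact output distribution. */
static void tally(int use_rejection, unsigned counts[TOY_Q]) {
    memset(counts, 0, TOY_Q * sizeof counts[0]);
    for (unsigned raw = 0; raw < TOY_RAW; raw++) {
        unsigned k;
        if (!use_rejection) counts[k_mod_reduce(raw)]++;
        else if (k_reject_sample(raw, &k)) counts[k]++;
    }
}

/* Difference between the most and least frequent k; 0 means uniform. */
static unsigned spread(const unsigned counts[TOY_Q]) {
    unsigned lo = counts[0], hi = counts[0];
    for (unsigned i = 1; i < TOY_Q; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

int main(void) {
    unsigned c[TOY_Q];
    tally(0, c);
    printf("mod q:     k=0 x%u, k=192 x%u, spread %u\n", c[0], c[192], spread(c));
    tally(1, c);
    printf("rejection: k=0 x%u, k=192 x%u, spread %u\n", c[0], c[192], spread(c));
    return 0;
}
```

With modular reduction every k below 2^8 - q = 63 is produced twice as often as the rest; with rejection sampling each k is equally likely.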