Bugtraq mailing list archives
Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy
From: f.c.w.donck () SIEP SHELL COM (Fred Donck)
Date: Mon, 20 Jul 1998 21:37:21 +0200
This is a multi-part message in MIME format. --------------E5DDC0B8E9C6864BE87CCF5E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit All, See attached from the squid-users mailing-list -- Fred --------------E5DDC0B8E9C6864BE87CCF5E Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from ksopenml.ksepl.shell.nl by swwrij.ksepl.shell.nl (8.8.7/8.8.7-Fred.Donck/EPT-IS) id RAA16224; Mon, 20 Jul 1998 17:11:18 +0200 (MET DST) Received: from shell.nl by ksopenml.ksepl.shell.nl with ESMTP (1.40.112.12/16.2) id AA152267477; Mon, 20 Jul 1998 17:11:17 +0200 Received: by shell.nl; id RAA05696; Mon, 20 Jul 1998 17:11:16 +0200 (METDST) Received: from ack.ucar.edu(192.52.106.29) by charon-1.shell.nl via smap (3.2) id xma005585; Mon, 20 Jul 98 17:10:41 +0200 Received: (from slist@localhost) by ircache.net (8.8.6/8.8.6) id IAA02926 for fred () siep shell com; Mon, 20 Jul 1998 08:10:40 -0700 (PDT) Resent-Date: Mon, 20 Jul 1998 08:10:40 -0700 (PDT) Date: Mon, 20 Jul 1998 10:09:38 -0500 Message-Id: <199807201509.KAA26183 () jello csc ti com> From: Joe Ramey <ramey () csc ti com> To: hno () hem passagen se Cc: squid-users () ircache net In-Reply-To: <35AFCEB9.9E4500A () hem passagen se> (message from Henrik Nordstrom on Sat, 18 Jul 1998 00:22:49 +0200) Subject: Re: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Reply-To: ramey () csc ti com References: <35AFCEB9.9E4500A () hem passagen se> Resent-Message-Id: <"807OuD.A.5j.Z31s1"@ack.ircache.net> Resent-From: squid-users () ircache net X-Mailing-List: <squid-users () ircache net> archive/latest/852 X-Loop: squid-users () ircache net Precedence: list Resent-Sender: squid-users-request () ircache net X-Mozilla-Status2: 00000000 Date: Sat, 18 Jul 1998 00:22:49 +0200 Content-Type: text/plain; charset=iso-8859-1 From: Henrik Nordstrom <hno () hem passagen se> Sender: hno () hem passagen se X-MIME-Autoconverted: from quoted-printable to 8bit by ircache.net id PAA06782 Resent-From: squid-users () ircache net X-Mailing-List: <squid-users () ircache net> archive/latest/793 X-Loop: squid-users () ircache net Precedence: list Resent-Sender: squid-users-request () ircache net If you are using Squid 1.2beta and Netscape 4.x then you MUST use different server names for your HTTP and Security (SSL) proxy. This is due to a bug in Netscape4.0x that may cause https requests to be sent in plain text to a Squid 1.2beta proxy server. FWIW, this bug is still present in the latest Netscape beta, 4.5 PR1. I reported this bug to them several months ago. Guess it's time to report it again. Joe --------------E5DDC0B8E9C6864BE87CCF5E--
Current thread:
- Re: EMERGENCY: new remote root exploit in UW imapd, (continued)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 17)
- Buffer overflows. was Re: EMERGENCY: new remote root exploit in Craig Spannring (Jul 17)
- Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit Geoffrey KEATING (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd FanLi Tai (Jul 18)
- Re: EMERGENCY: new remote root exploit in UW imapd Brett Lymn (Jul 19)
- SECURITY: imap-4.1.final now available twiztah (Jul 16)
- Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- New Java Security Flaw Found Gary McGraw (Jul 17)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
- Re: New Java Security Flaw Found Sean Garagan (Jul 20)
- Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Fred Donck (Jul 20)
- N-Base Vulnerability Advisory TTSG (Jul 20)
- IRIX 6.4 ioconfig(1M) and disk_bandwidth(1M) Vulnerability SGI Security Coordinator (Jul 20)
- IRIX 6.3 & 6.4 mailcap vulnerability SGI Security Coordinator (Jul 20)
- Bounds Checking Aleph One (Jul 20)
- Re: Bounds Checking Ari Heitner (Jul 21)
- Re: Bounds Checking Andrew McNaughton (Jul 21)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
- Re: EMERGENCY: new remote root exploit in UW imapd Andy Church (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)