HTTP Browser Authentification Bug and some more bugs

To: debian-security <debian-security@lists.debian.org>
Subject: HTTP Browser Authentification Bug and some more bugs
From: Konstantin <mailoperator@uni.de>
Date: Wed, 31 Mar 2004 10:40:42 +0200
Message-id: <[🔎] 20040331104042.53fc86c4.mailoperator@uni.de>

hi,

further information are here:

http://www.ietf.org/rfc/rfc1945.txt

great idea until this is fixed(not mine):
Stop all http and https servers and don't visit
sites which works with the from design related unsecure http protocol!
HEY, don't blame me, it's translated from german to english, read for yourself:
http://www.heise.de/security/news/meldung/46175

there are some more:
squid has a security Problem too, don't know whether debian-packages has the same problem:
https://rhn.redhat.com/errata/RHSA-2004-134.html
and tcpdump has 2 overflows:
http://www.rapid7.com/advisories/R7-0017.html




Greetz

Konstantin


-- 
Building an operating system without source code is like buying
a self-assembly Space Shuttle with no instructions.

Reply to:

Follow-Ups:
- Re: HTTP Browser Authentification Bug and some more bugs
  - From: Rolf Kutz <kutz@netcologne.de>

Prev by Date: Re: VPN Firewall Kernel
Next by Date: Re: HTTP Browser Authentification Bug and some more bugs
Previous by thread: Re: VPN Firewall Kernel
Next by thread: Re: HTTP Browser Authentification Bug and some more bugs
Index(es):
- Date
- Thread