lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <275620000.1037830853@worker.muc.bieringer.de>
From: pb at bieringer.de (Peter Bieringer)
Subject: Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site

Hi,

sure very late, forgotten. This is not a real advisory but for
information, because problem was found during private usage.


Problem found with version

        opera-6.03-20020813.3-shared-qt.i386.rpm
        (perhaps older versions, too)

on a Red Hat Linux 7.3 fully updated system (time around August)

Used squid version: 2.4.STABLE6-6.7.3


Problem description:

In case of using Squid as HTTPS-proxy Opera crashes reproducable if a
HTTPS request was started to a site after (not by a global CA signed)
certificate was accepted:

URL tried: https://www.aerasec.de/

Without HTTPS-proxy (direct connection) Opera didn't crash.


Solution:
Upgrade to availible version 6.10 or later


History:
2002 Aug 19: first report to Opera to security at opera dot com
2002 Aug 20: first reaction
2002 Sep ??: provide core file, strace and captured packets
2002 Oct 04: reproduced by Opera, told that pre-release of 6.1 is ok
2002 Nov ??: 6.10 was released without this problem


They told me nothing about the reason of the problem, the
reproduction of the problem needs more time than their check that the
pre-release of 6.10 has no problems...


BTW: Sometimes the newer version of Opera (Linux, but also Window)
still crashes mostly on heavy usage of different SSL sites, has
someone else such experiences made?


        Peter

---
Dr. Peter Bieringer
mailto: pb at bieringer dot de
http://www.bieringer.de/pb/
Key 0x958F422D : B501 24F4 9418 23E2 C0F3  F833 7B57 AA7B 958F 422D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021120/a8c52ce5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ