Squid Cache DNS Lookup Spoofing Vulnerability

["Fergie (Paul Ferguson)" <fergdawg () netzero net>]

Given the recent attention to all matters of DNS cache
poisoning (real or imagined), I figured this item might
of interest to the list. I know there's a lot of Squid
Caches out there...

- ferg

[snip]

Via Secunia:
 http://secunia.com/advisories/15294/

Secunia Advisory: SA15294 
Release Date: 2005-05-11
Impact: Spoofing
Where: From local network
Solution Status: Vendor Patch 
Software: Squid 2.x
 
Description:
A vulnerability has been reported in Squid, which can
be exploited by malicious people to spoof DNS lookups.

The vulnerability is caused due to an unspecified
error in the DNS client when handling DNS responses
and can be exploited to spoof DNS lookups.

The vulnerability has been reported in version 2.5
and prior.

Solution:
Apply patch for version 2.5.STABLE9:
http://www.squid-cache.org/Versi...id-2.5.STABLE9-dns_query-2.patch

Original Advisory:
http://www.squid-cache.org/Versi...ugs/#squid-2.5.STABLE9-dns_query

[snip]

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/