oss-sec mailing list archives
Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present
From: Amos Jeffries <squid3 () treenet co nz>
Date: Wed, 25 Aug 2010 19:18:32 +1200
Jan Lieskovsky wrote:
Hi Steve, vendors,Stephen Thorne reported a buffer overread flaw in the way Squid proxy caching serverprocessed large DNS replies in cases, when no IPv6 resolver was present. A remote attacker could provide DNS reply with large amount of data, leading to denial of service (squid server crash). Upstream bug report: [1] http://bugs.squid-cache.org/show_bug.cgi?id=3021 Relevant upstream changeset: [2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072
Also for use as needed our patch archive copy: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch
References: [3] http://marc.info/?l=squid-users&m=128263555724981&w=2 [4] https://bugzilla.redhat.com/show_bug.cgi?id=626927 [5] http://bugs.gentoo.org/show_bug.cgi?id=334263 Could you allocate CVE id for this issue?Amos, Stephen please correct me, if some of [1] and [2] doesn't correspond to:"One regression introduced with 3.1.6 when contacting IPv4-only DNS resolvers opens a small but exploitable DoS vulnerability." issue mentioned in [3]. Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Henrik covered the rest in your bug report [4]. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.7 Beta testers wanted for 3.2.0.1
Current thread:
- CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Jan Lieskovsky (Aug 24)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Stephen Thorne (Aug 24)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Amos Jeffries (Aug 25)