oss-sec mailing list archives

CVE Request -- Squid -- SQUID-2010_1.txt

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 01 Feb 2010 11:54:37 +0100

Hi Josh, Steve, vendors,

  Squid upstream has released updated versions fixing DoS
when processing specially crafted DNS packets [1].

From the upstream advisory:

"This problem allows any trusted client or external server who can
 determine the squid receiving port to perform a short-term denial
 of service attack on the Squid service."

Could you allocate a CVE id for this? (can't find one in SQUID-2010_1.txt).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

[1] http://www.squid-cache.org/Advisories/SQUID-2010_1.txt

Current thread:

CVE Request -- Squid -- SQUID-2010_1.txt Jan Lieskovsky (Feb 01)
- <Possible follow-ups>
- Re: CVE Request -- Squid -- SQUID-2010_1.txt Josh Bressers (Feb 01)