nanog mailing list archives
Re: Squid Cache DNS Lookup Spoofing Vulnerability
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 11 May 2005 15:13:02 +0200
Description: A vulnerability has been reported in Squid, which can be exploited by malicious people to spoof DNS lookups. The vulnerability is caused due to an unspecified error in the DNS client when handling DNS responses and can be exploited to spoof DNS lookups.
The Squid description offers slightly more details:

| Malicious users may spoof DNS lookups if the DNS client UDP port
| (random, assigned by OS at startup) is unfiltered and your network is
| not protected from IP spoofing.

<http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query>

This probably means that it's not possible to exploit this in a
scalable way, just by manipulating authoritative name server replies.
Most stub resolvers suffer from similar problems. Sometimes this is an
explicit design decision (to keep the code as simple as possible). It's
also not completely fixable because the DNS protocol requires a 16-bit
message ID.
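As an added illustration of the point made in the reply above (this is constructed example code, not part of the original thread and not Squid's own resolver code), the following Python model shows what a stub resolver actually has to match on an incoming UDP response and why the 16-bit transaction ID bounds how hard a blind, off-path spoofing attack can be made. The resolver here keeps one fixed client port for its lifetime, as the Squid note describes, and accepts the first response whose destination port, ID and question section all match. The name example.com, the address 192.0.2.1, the port numbers and all function names are assumptions chosen for the example.

```python
"""Toy model of blind DNS response spoofing against a stub resolver.

Constructed example, not Squid's code: the resolver sends one query from a
fixed UDP source port with a random 16-bit transaction ID, and an off-path
attacker floods forged responses at that port.  The resolver accepts the
first response whose destination port, transaction ID and question section
match the outstanding query.
"""
import random
import struct


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_query(txid, name, qtype=1):
    """Minimal query: 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_answer(txid, name, ip, ttl=60):
    """Response with QR/RD/RA set, the question echoed, and one A record.

    The answer name is a compression pointer (0xC00C) back to the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rr


def skip_name(buf, off):
    """Return the offset just past a wire-format name starting at off."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # two-byte compression pointer
            return off + 2
        off += 1 + length


def parse_a_record(response):
    """Dotted-quad from the first A record in the answer section, or None."""
    _, _, qdcount, ancount = struct.unpack("!HHHH", response[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(response, off) + 4          # qtype + qclass
    for _ in range(ancount):
        off = skip_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return ".".join(str(b) for b in response[off:off + 4])
        off += rdlen
    return None


def accepts(query, query_port, response, dst_port):
    """The stub-resolver check this model uses: port, ID and question must match."""
    if dst_port != query_port or len(response) < 12:
        return False
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return False
    return response[12:len(query)] == query[12:]


def spoof(name, forged_ip, query_port, attacker_port_guess, id_guesses, rng):
    """Blind attack on one outstanding query.

    Returns (forged packets sent, accepted address or None).  The attacker
    never sees the real ID; it only gets to guess the port and walk id_guesses."""
    txid = rng.randrange(1 << 16)                   # resolver picks the ID
    query = build_query(txid, name)
    sent = 0
    for guess in id_guesses:
        sent += 1
        forged = build_answer(guess, name, forged_ip)
        if accepts(query, query_port, forged, attacker_port_guess):
            return sent, parse_a_record(forged)
    return sent, None


def success_probability(packets, id_bits=16, port_bits=0):
    """Chance that `packets` forged responses with distinct (ID, port) guesses
    hit one outstanding query while it is pending."""
    return min(1.0, packets / (1 << (id_bits + port_bits)))


if __name__ == "__main__":
    rng = random.Random(1)
    # Client port known to the attacker (unfiltered, fixed for the process): only the ID is left.
    print(spoof("example.com", "192.0.2.1", 40000, 40000, range(1 << 16), rng))
    # Wrong port guess: every forged packet is dropped.
    print(spoof("example.com", "192.0.2.1", 40000, 40001, range(1 << 16), rng))
    print("1000 packets, fixed known port:", success_probability(1000))
    print("1000 packets, 16-bit random port:", success_probability(1000, port_bits=16))
```

With the client port known and reachable, walking the full ID space guarantees a hit for one pending query, and even a burst of a thousand forged packets succeeds about 1.5% of the time per query; with a randomised source port the same burst is roughly 65,000 times less likely to land. That ratio is the whole reason the Squid note conditions the problem on the client port being unfiltered, and it is why the ID alone can never make the attack impossible, only expensive.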
Current thread:
- Squid Cache DNS Lookup Spoofing Vulnerability Fergie (Paul Ferguson) (May 11)
- Re: Squid Cache DNS Lookup Spoofing Vulnerability Florian Weimer (May 11)