Re: CVE Request -- Squid -- SQUID-2010_1.txt

[Josh Bressers <bressers () redhat com>]

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

> Hi Josh, Steve, vendors,
>
>    Squid upstream has released updated versions fixing DoS
> when processing specially crafted DNS packets [1].
>
>  From the upstream advisory:
>
> "This problem allows any trusted client or external server who can
>   determine the squid receiving port to perform a short-term denial
>   of service attack on the Squid service."
>
> Could you allocate a CVE id for this? (can't find one in
> SQUID-2010_1.txt).
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> [1] http://www.squid-cache.org/Advisories/SQUID-2010_1.txt

Please use CVE-2010-0308 for this.

Thanks.

-- 
    JB