oss-sec mailing list archives

CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 24 Aug 2010 19:38:19 +0200

Hi Steve, vendors,

  Stephen Thorne reported a buffer overread flaw in the way Squid proxy caching server
processed large DNS replies in cases, when no IPv6 resolver was present.
A remote attacker could provide DNS reply with large amount of data,
leading to denial of service (squid server crash).

Upstream bug report:
  [1] http://bugs.squid-cache.org/show_bug.cgi?id=3021

Relevant upstream changeset:
  [2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072

References:
  [3] http://marc.info/?l=squid-users&m=128263555724981&w=2
  [4] https://bugzilla.redhat.com/show_bug.cgi?id=626927
  [5] http://bugs.gentoo.org/show_bug.cgi?id=334263

Could you allocate CVE id for this issue?

Amos, Stephen please correct me, if some of [1] and [2] doesn't correspond to:

"One regression introduced with 3.1.6 when contacting IPv4-only DNS
resolvers opens a small but exploitable DoS vulnerability."

issue mentioned in [3].

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Jan Lieskovsky (Aug 24)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Stephen Thorne (Aug 24)
  - Re: Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Josh Bressers (Aug 25)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Amos Jeffries (Aug 25)