oss-sec mailing list archives

Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present

From: Stephen Thorne <stephen () thorne id au>
Date: Wed, 25 Aug 2010 09:45:50 +1000

On 2010-08-24, Jan Lieskovsky wrote:

  Stephen Thorne reported a buffer overread flaw in the way Squid proxy caching server
processed large DNS replies in cases, when no IPv6 resolver was present.
A remote attacker could provide DNS reply with large amount of data,
leading to denial of service (squid server crash).


Those references all look correct, but I have one small niggle, this was not a
buffer overread flaw.

What actually happens is that if a TCP DNS request is required, a logic error
causes a sockopt to be set on the ipv6 resolver fd, which will be fatal if that
resolver is not configured.

-- 
Regards,
Stephen Thorne
Development Engineer
Netbox Blue

Current thread:

CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Jan Lieskovsky (Aug 24)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Stephen Thorne (Aug 24)
  - Re: Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Josh Bressers (Aug 25)
- Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Amos Jeffries (Aug 25)