oss-sec mailing list archives

CVE-Request: squid pinger remote DoS


From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 9 Sep 2014 10:53:51 +0200

Hi

I made a fix for squid 3.4.6 and request a CVE for
this issue:

The pinger code that checks for nodes being alive doesn't
properly validate ICMP and ICMPv6 replies, in particular
icmp6 types which are used to index into a string array.
This could cause crashes when the index is OOB.

A patch is available here:

https://bugzilla.novell.com/show_bug.cgi?id=891268

I also made some cleanups and error checking on the
receive socket.

I am not deep into the overall squid architecture so
I don't know what happens to squid itself when the
pinger sub-process crashes (think SIGPIPE etc). But to me
it looks like you can only DoS the pinger sub-system,
not the whole squid.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
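
The class of check the message describes, as an added example that is not part of the original post and is not Squid's code or the referenced patch: a length check on the received datagram followed by a bounds-checked lookup of the ICMPv6 type in a name table. The table contents, function names and sample datagrams are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name tables (not Squid's own). ICMPv6 error types
 * are 1..4; informational types start at 128. */
static const char *const low_names[] = {
    "Reserved", "Destination Unreachable", "Packet Too Big",
    "Time Exceeded", "Parameter Problem"
};
static const char *const high_names[] = {
    "Echo Request", "Echo Reply", "Multicast Listener Query",
    "Multicast Listener Report", "Multicast Listener Done",
    "Router Solicitation", "Router Advertisement",
    "Neighbor Solicitation", "Neighbor Advertisement", "Redirect"
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample datagrams: type, code, checksum, id, seq. */
static const uint8_t sample_echo_reply[8] = { 129, 0, 0, 0, 0, 1, 0, 1 };
static const uint8_t sample_odd_type[8]   = { 200, 0, 0, 0, 0, 1, 0, 1 };

/* Map the remotely supplied type byte to a name without ever
 * indexing past the end of either table. */
const char *icmp6_type_name(uint8_t type)
{
    if ((size_t)type < COUNT(low_names))
        return low_names[type];
    if (type >= 128 && (size_t)(type - 128) < COUNT(high_names))
        return high_names[type - 128];
    return "Unknown";
}

/* n is the receive call's return value. Reject errors and datagrams
 * too short for an 8-byte echo header before reading any field. */
const char *reply_type_name(const uint8_t *buf, long n)
{
    if (buf == NULL || n < 8)
        return NULL;
    return icmp6_type_name(buf[0]);
}

int main(void)
{
    printf("%s\n", reply_type_name(sample_echo_reply, 8));
    printf("%s\n", reply_type_name(sample_odd_type, 8));
    printf("%s\n", reply_type_name(sample_echo_reply, 3) ? "parsed" : "rejected");
    return 0;
}
```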

