oss-sec mailing list archives

Re: CVE-Request: squid pinger remote DoS


From: Marcus Meissner <meissner () suse de>
Date: Tue, 16 Sep 2014 07:17:20 +0200

On Tue, Sep 09, 2014 at 10:53:51AM +0200, Sebastian Krahmer wrote:
Hi

I made a fix for squid 3.4.6 and request a CVE for
this issue:

The pinger code that checks for nodes being alive doesn't
properly validate ICMP and ICMPv6 replies, in particular
icmp6 types which are used to index into a string array.
This could cause crashes when the index is OOB.

A patch is available here:

https://bugzilla.novell.com/show_bug.cgi?id=891268

I also made some cleanups and error checking on the
receive socket.

I am not deep into the overall squid architecture so
I don't know what happens to squid itself when the
pinger sub-process crashes (think SIGPIPE etc). But to me
it looks like you can only DoS the pinger sub-system,
not the whole squid.

Mitre? Ping?

Ciao, Marcus
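
The class of bug described in the quoted report (a packet-supplied ICMPv6 type used directly as an index into a string array), shown in bounds-checked form as an added example. This is not Squid's code or the patch from the bug report; the table and function names are hypothetical and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name tables (not Squid's). ICMPv6 types 1-4 are errors and
 * 128+ are informational, so the names live in two short arrays. */
static const char *const low_names[] = {
    "Reserved", "Destination Unreachable", "Packet Too Big",
    "Time Exceeded", "Parameter Problem"
};
static const char *const high_names[] = {
    "Echo Request", "Echo Reply", "Multicast Listener Query",
    "Multicast Listener Report", "Multicast Listener Done"
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Map an ICMPv6 type to a name. The type byte can be any value 0-255,
 * so each index is range-checked against its table before use. */
const char *icmp6_type_name(uint8_t type)
{
    if (type < COUNT(low_names))
        return low_names[type];
    if (type >= 128 && (size_t)(type - 128) < COUNT(high_names))
        return high_names[type - 128];
    return "Unknown";
}

/* Validate a received ICMPv6 message before reading its type field.
 * Returns NULL when the buffer is shorter than the fixed 4-byte header
 * (type, code, 16-bit checksum). */
const char *describe_icmp6_reply(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4)
        return NULL;
    return icmp6_type_name(buf[0]);
}

int main(void)
{
    /* Constructed sample: type 200 falls outside both tables. */
    const uint8_t reply[8] = { 200, 0, 0, 0, 0, 0, 0, 0 };
    printf("%s\n", describe_icmp6_reply(reply, sizeof reply));
    return 0;
}
```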

