Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Aug 2010 09:45:50 +1000
From: Stephen Thorne <stephen@...rne.id.au>
To: oss-security <oss-security@...ts.openwall.com>
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
	Amos Jeffries <amosjeffries@...id-cache.org>,
	Stephen Thorne <stephen@...rne.id.au>
Subject: Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing
 large DNS replies with no IPv6 resolver present

On 2010-08-24, Jan Lieskovsky wrote:
>   Stephen Thorne reported a buffer overread flaw in the way Squid proxy caching server
> processed large DNS replies in cases, when no IPv6 resolver was present.
> A remote attacker could provide DNS reply with large amount of data,
> leading to denial of service (squid server crash).

Those references all look correct, but I have one small niggle, this was not a
buffer overread flaw.

What actually happens is that if a TCP DNS request is required, a logic error
causes a sockopt to be set on the ipv6 resolver fd, which will be fatal if that
resolver is not configured.

-- 
Regards,
Stephen Thorne
Development Engineer
Netbox Blue

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ