Date: Wed, 25 Aug 2010 10:24:50 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Amos Jeffries <amosjeffries@...id-cache.org>, Stephen Thorne <stephen@...rne.id.au> Subject: Re: Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Please use CVE-2010-2951 for this. Thanks. -- JB ----- "Stephen Thorne" <stephen@...rne.id.au> wrote: > On 2010-08-24, Jan Lieskovsky wrote: > > Stephen Thorne reported a buffer overread flaw in the way Squid > proxy caching server > > processed large DNS replies in cases, when no IPv6 resolver was > present. > > A remote attacker could provide DNS reply with large amount of > data, > > leading to denial of service (squid server crash). > > Those references all look correct, but I have one small niggle, this > was not a > buffer overread flaw. > > What actually happens is that if a TCP DNS request is required, a > logic error > causes a sockopt to be set on the ipv6 resolver fd, which will be > fatal if that > resolver is not configured. > > -- > Regards, > Stephen Thorne > Development Engineer > Netbox Blue
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ