oss-security - Re: Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present

Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Wed, 25 Aug 2010 10:24:50 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Amos Jeffries <amosjeffries@...id-cache.org>,
        Stephen Thorne <stephen@...rne.id.au>
Subject: Re: Re: CVE Request -- Squid v3.1.6 -- DoS (crash)
 while processing large DNS replies with no IPv6 resolver present

Please use CVE-2010-2951 for this.

Thanks.

-- 
    JB


----- "Stephen Thorne" <stephen@...rne.id.au> wrote:

> On 2010-08-24, Jan Lieskovsky wrote:
> >   Stephen Thorne reported a buffer overread flaw in the way Squid
> proxy caching server
> > processed large DNS replies in cases, when no IPv6 resolver was
> present.
> > A remote attacker could provide DNS reply with large amount of
> data,
> > leading to denial of service (squid server crash).
> 
> Those references all look correct, but I have one small niggle, this
> was not a
> buffer overread flaw.
> 
> What actually happens is that if a TCP DNS request is required, a
> logic error
> causes a sockopt to be set on the ipv6 resolver fd, which will be
> fatal if that
> resolver is not configured.
> 
> -- 
> Regards,
> Stephen Thorne
> Development Engineer
> Netbox Blue

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.