Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Oct 2011 18:21:35 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com,
        Henrik Nordstrom <henrik@...riknordstrom.net>,
        Jiri Skala <jskala@...hat.com>
Subject: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME
 DNS record pointing to another CNAME record pointing to an empty A-record

Hello Steve, vendors,

   an invalid free flaw was found in the way Squid proxy caching server
processed DNS requests, where one CNAME record pointed to another CNAME
record pointing to an empty A-record. A remote attacker could issue a
specially-crafted DNS request, leading to denial of service (squid 
daemon abort).

Upstream bug report:
[1] http://bugs.squid-cache.org/show_bug.cgi?id=3237

Relevant upstream patch:
[2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10384

References:
[3] http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html
[4] http://bugs.squid-cache.org/show_bug.cgi?id=3237#c4
[5] http://bugs.squid-cache.org/show_bug.cgi?id=3237#c5
[6] https://bugzilla.redhat.com/show_bug.cgi?id=750316

Could you allocate a CVE id for this? (cc-ed Henrik and Jiri
for their opinion / comments too, if this should be considered
a security issue or not)

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ