SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Squid Vendors:   [Multiple Authors/Vendors]
(Caldera Issues Fix for OpenLinux Server)Re: Squid Proxy Caching Server Heap Overflow in Processing Compressed DNS Responses Could Allow Remote DNS Servers to Crash the Service
SecurityTracker Alert ID:  1004164
SecurityTracker URL:  http://securitytracker.com/id/1004164
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 26 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Squid-2.x up to and including 2.4.STABLE4
Description:   A denial of service vulnerability was reported in the Squid proxy caching server. A remote user with control of a DNS server could cause the service to crash.

It is reported that certain error and boundary conditions are not checked when handling compressed DNS answer messages in the internal DNS code (lib/rfc1035.c). A remote user with a malicous DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV.

It is reported that the affected code exists in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-2.6/Squid-HEAD, and is enabled by default.

The vendor notes that this vulnerability was reported by zen-parse.

Impact:   A remote user with control of a DNS server could send a DNS response message that could trigger a heap buffer overflow in the Squid server, causing the Squid service to crash.
Solution:   Caldera has released a fix.

For OpenLinux 3.1.1 Server:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

ce1fbb905f270ca49d9151b6b40507c9 squid-2.4.STABLE2-4.i386.rpm

To install:

rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

Source Packages:

b5001b17b2b841a6cd8b196d5789db64 squid-2.4.STABLE2-4.src.rpm


For OpenLinux 3.1 Server:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

9a72c528ba333d87e1d6719340ee768b squid-2.4.STABLE2-4.i386.rpm

To install:

rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

Source Packages:

cd38d3243263a06eba7c20c836709711 squid-2.4.STABLE2-4.src.rpm

Vendor URL:  www.squid-cache.org/Advisories/SQUID-2002_2.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Server 3.1, 3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Mar 26 2002 Squid Proxy Caching Server Heap Overflow in Processing Compressed DNS Responses Could Allow Remote DNS Servers to Crash the Service



 Source Message Contents

Subject:  Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure


--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com 

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: squid compressed DNS answer message boundary failure
Advisory number: 	CSSA-2002-017.0
Issue date: 		2002 April 25
Cross reference:
______________________________________________________________________________


1. Problem Description

	From Squid advisory SQUID-2002:2 : Error and boundary conditions
	were not checked when handling compressed DNS answer messages in
	the internal DNS code (lib/rfc1035.c). A malicious DNS server
	could craft a DNS reply that would cause Squid to exit with
	a SIGSEGV.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to squid-2.4.STABLE2-4.i386.rpm

	OpenLinux 3.1 Server		prior to squid-2.4.STABLE2-4.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	ce1fbb905f270ca49d9151b6b40507c9	squid-2.4.STABLE2-4.i386.rpm

	4.3 Installation

	rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	b5001b17b2b841a6cd8b196d5789db64	squid-2.4.STABLE2-4.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	5.2 Packages

	9a72c528ba333d87e1d6719340ee768b	squid-2.4.STABLE2-4.i386.rpm

	5.3 Installation

	rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	5.5 Source Packages

	cd38d3243263a06eba7c20c836709711	squid-2.4.STABLE2-4.src.rpm


6. References

	Specific references for this advisory:

		http://www.squid-cache.org/Advisories/SQUID-2002_2.txt

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security fix closes Caldera incidents sr862189, fz520428,
	and erg711999.


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


8. Acknowledgements

	This vulnerability was discovered and researched by zen-parse
	<zen-parse@gmx.net>.

______________________________________________________________________________

--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzIn6wACgkQbluZssSXDTG7agCgoRgbo3mD/9UoWSggSZkr+Ldb
ts4AoPt4k1z4thZG/cAzPCgYc079KpsB
=1Rii
-----END PGP SIGNATURE-----

--uAKRQypu60I7Lcqm--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC