(Caldera Issues Fix for OpenServer) Squid Proxy Caching Server Heap Overflow in Processing Compressed DNS Responses Could Allow Remote DNS Servers to Crash the Service
|
|
SecurityTracker Alert ID: 1004548 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 17 2002
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Squid-2.x up to and including 2.4.STABLE4
|
Description: A denial of service vulnerability was reported in the Squid proxy caching server. A remote user with control of a DNS server could cause the service to crash.
It is reported that certain error and boundary conditions are not checked when handling compressed DNS answer messages in the internal
DNS code (lib/rfc1035.c). A remote user with a malicous DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV.
It
is reported that the affected code exists in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-2.6/Squid-HEAD, and is enabled by default.
The
vendor notes that this vulnerability was reported by zen-parse.
|
Impact: A remote user with control of a DNS server could send a DNS response message that could trigger a heap buffer overflow in the Squid server, causing the Squid service to crash.
|
Solution: Caldera (SCO) has released a fix for OpenServer 5.0.6a:
Location of Fixed Binaries
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.26
Verification
MD5 (VOL.000.000) = 87accd0ac60bf509b86e66bb74062168
MD5 (VOL.000.001) = 4f709bb2f81fbb72e46f9f3608bca6e6
MD5 (VOL.000.002)
= eb7964ff9190da6749341170ce779b12
MD5 (VOL.000.003) = 8be5cc4f62eb83d65541c491cbaaad3c
Installing Fixed Binaries
Upgrade
the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command,
specify an install from media images, and specify the /tmp directory as the location of the images.
|
Vendor URL: www.squid-cache.org/Advisories/SQUID-2002_2.txt (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (Open UNIX-SCO)
|
Underlying OS Comments: OpenServer 5.0.6a
|
Reported By: security@caldera.com
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 13 Jun 2002 16:59:03 -0700
From: security@caldera.com
Subject: Security Update: [CSSA-2002-SCO.26] OpenServer 5.0.6a : squid compressed DNS answer message boundary failure
|
--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer 5.0.6a : squid compressed DNS answer message boundary failure
Advisory number: CSSA-2002-SCO.26
Issue date: 2002 June 13
Cross reference:
______________________________________________________________________________
1. Problem Description
From Squid advisory SQUID-2002:2 : Error and boundary
conditions were not checked when handling compressed DNS
answer messages in the internal DNS code (lib/rfc1035.c).
A malicious DNS server could craft a DNS reply that would
cause Squid to exit with a SIGSEGV.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6a /opt/K/SCO/Squid/2.4.6/*
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6a
4.1 Location of Fixed Binaries
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.26
4.2 Verification
MD5 (VOL.000.000) = 87accd0ac60bf509b86e66bb74062168
MD5 (VOL.000.001) = 4f709bb2f81fbb72e46f9f3608bca6e6
MD5 (VOL.000.002) = eb7964ff9190da6749341170ce779b12
MD5 (VOL.000.003) = 8be5cc4f62eb83d65541c491cbaaad3c
md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
5. References
Specific references for this advisory:
http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Caldera security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr862189, fz520428,
erg712012.
6. Disclaimer
Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.
7. Acknowledgements
This vulnerability was discovered and researched by zen-parse
<zen-parse@gmx.net>.
______________________________________________________________________________
--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj0JMccACgkQaqoBO7ipriG36QCdE37UErfiBVK6ZQakpT43NPO5
64YAn3+alHltLIX+a5LAAz/UEAhfRBQQ
=lETA
-----END PGP SIGNATURE-----
--uAKRQypu60I7Lcqm--
|
|
