Squid Proxy Caching Server Heap Overflow in Processing Compressed DNS Responses Could Allow Remote DNS Servers to Crash the Service
|
|
SecurityTracker Alert ID: 1003896 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 26 2002
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Squid-2.x up to and including 2.4.STABLE4
|
Description: A denial of service vulnerability was reported in the Squid proxy caching server. A remote user with control of a DNS server could cause the service to crash.
It is reported that certain error and boundary conditions are not checked when handling compressed DNS answer messages in the internal
DNS code (lib/rfc1035.c). A remote user with a malicous DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV.
It
is reported that the affected code exists in Squid-2.3, Squid-2.4, Squid-2.5 and Squid-2.6/Squid-HEAD, and is enabled by default.
The
vendor notes that this vulnerability was reported by zen-parse.
|
Impact: A remote user with control of a DNS server could send a DNS response message that could trigger a heap buffer overflow in the Squid server, causing the Squid service to crash.
|
Solution: The vendor has released a fixed version (Squid-2.4.STABLE6), available at:
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/
http://www.squid-cache.org/Versions/v2/2.4/
The vendor has also provided the following workaround:
"Squid-2.4, Squid-2.5
and Squid-2.6/Squid-HEAD can be recompiled to use the external DNS server support by running configure with the --disable-internal-dns
option. There is no run-time configuration option to select between the internal/external DNS code.
We recommend that you upgrade,
rather than simply switch to external DNS lookups. The external DNS implementation uses child processes and may negatively affect
Squid's performance, especially for busy caches."
|
Vendor URL: www.squid-cache.org/Advisories/SQUID-2002_2.txt (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 26 Mar 2002 14:51:25 -0500
Subject: Squid Proxy Cache Security Update Advisory SQUID-2002:2
|
This is a multi-part message in MIME format.
--------------010B64A7738FD3F4E40AA95C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
--------------010B64A7738FD3F4E40AA95C
Content-Type: text/plain; charset=us-ascii;
name="SQUID-2002_2.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="SQUID-2002_2.txt"
__________________________________________________________________
Squid Proxy Cache Security Update Advisory SQUID-2002:2
__________________________________________________________________
Advisory ID: SQUID-2002:2
Date: March 26, 2002
Affected versions: Squid-2.x up to and including 2.4.STABLE4
Reported by: zen-parse <zen-parse@gmx.net>
__________________________________________________________________
http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
__________________________________________________________________
Problem Description:
A security issue has recently been found and fixed in the Squid-2.X
releases up to and including 2.4.STABLE4.
Error and boundary conditions were not checked when handling
compressed DNS answer messages in the internal DNS code (lib/rfc1035.c).
A malicous DNS server could craft a DNS reply that causes Squid
to exit with a SIGSEGV.
The relevant code exists in Squid-2.3, Squid-2.4, Squid-2.5 and
Squid-2.6/Squid-HEAD, and is enabled by default.
__________________________________________________________________
Updated Packages:
The Squid-2.4.STABLE6 release contains fixes for all these
problems. You can download the Squid-2.4.STABLE6 release from
ftp://ftp.squid-cache.org/pub/squid-2/STABLE/
http://www.squid-cache.org/Versions/v2/2.4/
or the mirrors (may take a while before all mirrors are updated).
For a list of mirror sites see
http://www.squid-cache.org/Mirrors/ftp-mirrors.html
http://www.squid-cache.org/Mirrors/http-mirrors.html
Individual patches to the mentioned issues can be found from our
patch archive for version Squid-2.4.STABLE4
http://www.squid-cache.org/Versions/v2/2.4/bugs/
The patches should also apply with only a minimal effort to
earlier Squid 2.4 versions if required.
The Squid-2.5 and Squid-2.6/Squid-HEAD nightly snapshots contains
the fixed DNS code.
__________________________________________________________________
Determining if your are vulnerable:
You are vulnerable if you are running these versions of Squid
with internal DNS queries:
* Squid-2.4 version up to and including Squid-2.4.STABLE4
* Squid-2.5 up to the fix date (Tuesday, March 12 2002 UTC)
* Squid-2.6 / Squid-HEAD up to the fix date
(Tuesday, March 12 2002 UTC)
* Squid-2.3
Squid uses the internal DNS implementation by default, and
prints a line like this in cache.log when it is in use:
DNS Socket created at 0.0.0.0, port 4345, FD 5
__________________________________________________________________
Workarounds:
Squid-2.4, Squid-2.5 and Squid-2.6/Squid-HEAD can be recompiled
to use the external DNS server support by running configure with
the --disable-internal-dns option. There is no run-time configuration
option to select between the internal/external DNS code.
We recommend that you upgrade, rather than simply switch to external
DNS lookups. The external DNS implementation uses child processes
and may negatively affect Squid's performance, especially for busy
caches.
__________________________________________________________________
END
--------------010B64A7738FD3F4E40AA95C--
|
|
