Bug 22869 - CVE-2010-0308: squid DoS in DNS handling
Summary: CVE-2010-0308: squid DoS in DNS handling
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: squid (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Alexey Shabalin
QA Contact: qa-sisyphus
URL: http://www.squid-cache.org/Advisories...
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-02-02 00:24 MSK by Dmitry V. Levin
Modified: 2010-10-21 12:14 MSD (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry V. Levin 2010-02-02 00:24:38 MSK 
Squid upstream has released updated versions fixing DoS when processing specially crafted DNS packets.

The bug allows any trusted client or external server who can determine the squid receiving port to perform a short-term denial of service attack on the Squid service.
Comment 1 Grigory Batalov 2010-02-03 00:34:37 MSK 
The package needs a new maintainer.
Comment 2 Vitaly Kuznetsov 2010-10-21 12:14:03 MSD 
fixed long ago