Bug 152915 - CAN-2005-0446 squid DoS
CAN-2005-0446 squid DoS
Status: CLOSED DUPLICATE
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-10 15:37 EST by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:08:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:31:54 EST
A bug was found in the way Squid handles FQDN lookups. It was possible
to crash the Squid server by sending a carefully crafted DNS response to
an FQDN lookup. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0446 to this issue. 

https://rhn.redhat.com/errata/RHSA-2005-173.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0446

Must base packages on the ones from bug 2150



------- Additional Comments From jpdalbec@ysu.edu 2005-03-11 03:58:58 ----

05.10.28 CVE: CAN-2005-0626
Platform: Cross Platform
Title: Squid Proxy Set-Cookie Information Disclosure
Description: Squid is web proxy software. It is affected by a remote
information disclosure problem. The issue presents itself when the
requested server employs the Netscape "Set-Cookie" specifications.
Squid Proxy versions 2.5 STABLE7 through version 2.5 STABLE9 are
affected.
Ref: http://www.securityfocus.com/advisories/8208 



------- Additional Comments From pekkas@netcore.fi 2005-03-18 09:26:01 ----

Because there haven't been any VERIFY votes for the previous squid version, I
guess it would make sense to fold this into the same mess.

I suggest we track this under #2150..



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-19 11:44:43 ----

Well, if we track it in 2150, we should close this one.

*** This bug has been marked as a duplicate of 2150 ***



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:31 -------

This bug previously known as bug 2446 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2446
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Red Hat Bugzilla 2006-02-21 14:08:19 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.