Red Hat Bugzilla – Bug 626927
CVE-2010-2951 squid: child assertion failure when processing large DNS replies with no IPv6 resolver present
Last modified: 2010-11-03 19:45:36 EDT
A buffer overread flaw was found in the way Squid proxy caching server
processed large DNS replies in cases, when no IPv6 resolver was present.
A remote attacker could provide DNS reply with large amount of data,
leading to denial of service (squid server crash).
Upstream bug report:
Relevant upstream changeset:
This issue did NOT affect the versions of the squid package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the versions of the squid package, as shipped with
Fedora release of 12 and 13.
Created squid tracking bugs for this issue
Affects: fedora-all [bug 626933]
This affects the 3.1.6 version in Fedora updates-testing only. Issue got introduced in Squid-188.8.131.52. Latest stable release pushed for Fedora is 3.1.4 which do not have this issue.
It's a stability issue where Squid due to a coding error automatically restarts if not able to talk to a resolver over IPv6 and needing to retry the DNS query over TCP.
It's not really something I would grade as a security issue.
And no, it's not a buffer overflow. Just a plain assertion failed crash/abort due to trying to use a unset socket filedescriptor (-1) for talking to the resolver.
Henrik, thank you for clarifications!
*** Bug 649543 has been marked as a duplicate of this bug. ***