Bug 626927 - (CVE-2010-2951) CVE-2010-2951 squid: child assertion failure when processing large DNS replies with no IPv6 resolver present
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
Keywords: Security
Duplicates: 649543
Depends On: 626933
Reported: 2010-08-24 13:25 EDT by Jan Lieskovsky
Modified: 2010-11-03 19:45 EDT
Doc Type: Bug Fix
Last Closed: 2010-08-25 09:03:30 EDT

Description Jan Lieskovsky 2010-08-24 13:25:28 EDT
A buffer overread flaw was found in the way the Squid proxy caching server
processed large DNS replies in cases when no IPv6 resolver was present.
A remote attacker could provide a DNS reply with a large amount of data,
leading to denial of service (squid server crash).

Upstream bug report:
  [1] http://bugs.squid-cache.org/show_bug.cgi?id=3021

Relevant upstream changeset:
  [2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072

  [3] http://marc.info/?l=squid-users&m=128263555724981&w=2
  [4] http://bugs.gentoo.org/show_bug.cgi?id=334263

CVE Request:
  [5] http://www.openwall.com/lists/oss-security/2010/08/24/6
Comment 1 Jan Lieskovsky 2010-08-24 13:27:34 EDT
This issue did NOT affect the versions of the squid package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.


This issue affects the versions of the squid package, as shipped with
Fedora releases 12 and 13.

Please fix.
Comment 2 Jan Lieskovsky 2010-08-24 13:39:46 EDT
Created squid tracking bugs for this issue

Affects: fedora-all [bug 626933]
Comment 3 Henrik Nordström 2010-08-24 13:58:45 EDT
This affects the 3.1.6 version in Fedora updates-testing only. Issue got introduced in Squid- Latest stable release pushed for Fedora is 3.1.4, which does not have this issue.

It's a stability issue where Squid due to a coding error automatically restarts if not able to talk to a resolver over IPv6 and needing to retry the DNS query over TCP.

It's not really something I would grade as a security issue.
Comment 4 Henrik Nordström 2010-08-24 14:03:44 EDT
And no, it's not a buffer overflow. Just a plain assertion failed crash/abort due to trying to use an unset socket file descriptor (-1) for talking to the resolver.
Comment 5 Tomas Hoger 2010-08-25 09:03:30 EDT
Henrik, thank you for the clarifications!
Comment 6 Vincent Danen 2010-11-03 19:45:36 EDT
*** Bug 649543 has been marked as a duplicate of this bug. ***
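
The failure mode described in Comments 3 and 4, as an added example that is not Squid's code and not part of this bug report: a truncated (TC bit set) DNS reply asks for a retry over TCP, and the resolver socket is validated before use so that an unopened IPv6 socket (-1) fails one lookup instead of aborting the process. The names `resolver_socks` and `plan_tcp_retry`, the return codes and the sample reply bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_HDR_LEN 12       /* fixed DNS header size (RFC 1035) */
#define DNS_FLAG_TC 0x0200u  /* TC (truncated) bit in the 16-bit flags word */

enum retry_result { RETRY_NOT_NEEDED, RETRY_OVER_TCP, RETRY_NO_SOCKET, RETRY_BAD_REPLY };

/* Hypothetical resolver state: one socket per address family, -1 = never opened. */
struct resolver_socks { int fd_v4; int fd_v6; };

/* Constructed sample: header of a response with QR, TC and RD set, one question. */
static const uint8_t SAMPLE_TRUNCATED[DNS_HDR_LEN] = {
    0x12, 0x34, 0x83, 0x80, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* 1 if the reply header has TC set, 0 if not, -1 if the buffer is too short. */
int dns_reply_truncated(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < DNS_HDR_LEN)
        return -1;
    unsigned flags = ((unsigned)buf[2] << 8) | buf[3];
    return (flags & DNS_FLAG_TC) ? 1 : 0;
}

/* Decide how to react to a reply. The socket is validated before use, so an
 * unopened family fails this one lookup instead of tripping an assertion. */
enum retry_result plan_tcp_retry(const struct resolver_socks *s, int want_v6,
                                 const uint8_t *reply, size_t len, int *fd_out)
{
    int tc = dns_reply_truncated(reply, len);
    if (tc < 0)
        return RETRY_BAD_REPLY;
    if (tc == 0)
        return RETRY_NOT_NEEDED;
    int fd = want_v6 ? s->fd_v6 : s->fd_v4;
    if (fd < 0)
        return RETRY_NO_SOCKET;   /* *fd_out is left untouched */
    *fd_out = fd;
    return RETRY_OVER_TCP;
}

int main(void)
{
    struct resolver_socks no_v6 = { 5, -1 };   /* constructed: IPv6 never opened */
    int fd = -1;
    return plan_tcp_retry(&no_v6, 1, SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &fd)
           == RETRY_NO_SOCKET ? 0 : 1;
}
```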
