A buffer overread flaw was found in the way the Squid proxy caching server processed large DNS replies in cases when no IPv6 resolver was present. A remote attacker could provide a DNS reply with a large amount of data, leading to denial of service (squid server crash).

Upstream bug report:
[1] http://bugs.squid-cache.org/show_bug.cgi?id=3021

Relevant upstream changeset:
[2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072

References:
[3] http://marc.info/?l=squid-users&m=128263555724981&w=2
[4] http://bugs.gentoo.org/show_bug.cgi?id=334263

CVE Request:
[5] http://www.openwall.com/lists/oss-security/2010/08/24/6
This issue did NOT affect the versions of the squid package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

--

This issue affects the versions of the squid package, as shipped with Fedora releases 12 and 13. Please fix.
Created squid tracking bugs for this issue

Affects: fedora-all [bug 626933]
This affects the 3.1.6 version in Fedora updates-testing only. Issue got introduced in Squid-3.1.5.1. Latest stable release pushed for Fedora is 3.1.4, which does not have this issue. It's a stability issue where Squid, due to a coding error, automatically restarts if not able to talk to a resolver over IPv6 and needing to retry the DNS query over TCP. It's not really something I would grade as a security issue.
And no, it's not a buffer overflow. Just a plain assertion failed crash/abort due to trying to use an unset socket file descriptor (-1) for talking to the resolver.
Henrik, thank you for clarifications!
*** Bug 649543 has been marked as a duplicate of this bug. ***