Vulnerability Bulletins |
Denegación de servicio en Squid |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Denegación de Servicio |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Squid-2.5.STABLE5 - 2.5.STABLE8 |
Description |
|
Se ha descubierto una vulnerabilidad en las versiones que van desde la 2.5.STABLE5 a la 2.5.STABLE8 de Squid. La vulnerabilidad reside en el manejo de respuestas DNS cuando la opción log_fqdn está activada. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio de Squid mediante el envío de una respuesta DNS especialmente diseñada. |
|
Solution |
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Squid Squid 2.5.STABLE8 - Parche http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch SUSE Linux SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.8.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/squid-2.5.STABLE6-6.8.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/squid-2.5.STABLE6-6.8.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.30.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-42.30.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/squid-2.5.STABLE5-42.30.src.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-120.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-120.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/squid-2.5.STABLE3-120.src.rpm SUSE Linux 8.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/squid-2.5.STABLE1-108.i586.rpm Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.dsc http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.diff.gz http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_alpha.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_alpha.deb ARM http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_arm.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_arm.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_i386.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_i386.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_ia64.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_hppa.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_m68k.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mips.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mips.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mipsel.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_powerpc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_s390.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_s390.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_sparc.deb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_sparc.deb Mandrake Linux Mandrakelinux 9.2 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/squid-2.5.STABLE3-3.7.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/squid-2.5.STABLE3-3.7.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/squid-2.5.STABLE3-3.7.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/squid-2.5.STABLE3-3.7.92mdk.src.rpm Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/squid-2.5.STABLE4-2.5.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/squid-2.5.STABLE4-2.5.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/squid-2.5.STABLE4-2.5.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/squid-2.5.STABLE4-2.5.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/squid-2.5.STABLE6-2.4.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/squid-2.5.STABLE6-2.4.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/squid-2.5.STABLE6-2.4.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/squid-2.5.STABLE6-2.4.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/squid-2.4.STABLE7-2.5.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.5.C21mdk.src.rpm x86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.5.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.5.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/squid-2.5.STABLE4-2.5.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.5.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/squid-2.5.STABLE4-2.5.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE4-2.5.C30mdk.src.rpm Red Hat Linux Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ |
|
Standar resources |
|
Property | Value |
CVE | CAN-2005-0446 |
BID | |
Other resources |
|
Squid 2.5.STABLE8 Patches http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert SUSE Security Announcement SUSE-SA:2005:008 http://www.novell.com/linux/security/advisories/2005_08_squid.html Debian Security Advisory DSA 688-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00067.html Mandrakesoft Security Advisories MDKSA-2005:047 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:047 Red Hat Security Advisory RHSA-2005:173-09 https://rhn.redhat.com/errata/RHSA-2005-173.html Red Hat Security Advisory RHSA-2005:201-07 https://rhn.redhat.com/errata/RHSA-2005-201.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2005-02-23 |
1.1 | Aviso emitido por Mandrake (MDKSA-2005:047) | 2005-02-25 |
1.2 | Aviso emitido por Red Hat (RHSA-2005:173-09) | 2005-03-04 |
1.3 | Aviso emitido por Red Hat (RHSA-2005:201-07) | 2005-03-17 |