Vigil@nce: Squid, denial of service via DNS
January 2010 by Vigil@nce
An attacker can send truncated DNS packets, in order to stop the
Squid proxy.
– Severity: 1/4
– Consequences: denial of service
– Provenance: internet server
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 04/01/2010
IMPACTED PRODUCTS
– Squid cache
DESCRIPTION OF THE VULNERABILITY
The Squid proxy implements a DNS resolver, which queries DNS
servers and analyzes their answers.
The rfc1035NameUnpack() function of the lib/rfc1035.c file decodes
DNS packets. However, if the packet is truncated after its header,
this function calls assert() which stops the program.
An attacker controlling a malicious DNS server can therefore answer
Squid with short packets, in order to generate a denial of service.
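The mitigation is to treat a truncated answer as a parse error rather than an assertion failure. The following is an added example, not Squid's lib/rfc1035.c: a DNS name decoder that returns -1 on short or malformed input, exercised on a constructed response that is cut off at various points (the function names and sample packet are this example's own).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12

/* Decode the name at *off in buf[0..len) into out (dotted form).
 * Returns 0 on success, -1 on truncated or malformed input: a missing
 * length byte, a label running past len, a forward or reserved pointer,
 * or an output overflow. Never aborts. On success *off advances past
 * the name (past the first pointer if compression was used). */
static int dns_name_unpack(const unsigned char *buf, size_t len,
                           size_t *off, char *out, size_t outlen)
{
    size_t pos = *off, outp = 0, end = 0;
    int jumped = 0;
    for (;;) {
        if (pos >= len) return -1;              /* length byte missing */
        unsigned char l = buf[pos];
        if ((l & 0xC0) == 0xC0) {               /* compression pointer */
            if (pos + 1 >= len) return -1;      /* second byte missing */
            size_t target = ((size_t)(l & 0x3F) << 8) | buf[pos + 1];
            if (!jumped) end = pos + 2;
            if (target >= pos) return -1;       /* must point backwards */
            pos = target; jumped = 1;
            continue;
        }
        if (l & 0xC0) return -1;                /* reserved label type */
        pos++;
        if (l == 0) break;                      /* root label: done */
        if (pos + l > len) return -1;           /* label bytes missing */
        if (outp + l + 1 >= outlen) return -1;  /* room for '.' and NUL */
        if (outp) out[outp++] = '.';
        memcpy(out + outp, buf + pos, l);
        outp += l; pos += l;
    }
    out[outp] = '\0';
    *off = jumped ? end : pos;
    return 0;
}

/* Constructed response carrying the question "www.example.com". */
static const unsigned char sample_full[] = {
    0x12, 0x34, 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0,
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    3, 'c', 'o', 'm', 0, 0, 1, 0, 1 };

/* Decode the first question name of the first len bytes of sample_full.
 * Returns 1 if it equals expected, 0 if the decoder reports an error. */
int decodes_to(size_t len, const char *expected)
{
    char name[256];
    size_t off = DNS_HDR_LEN;
    if (len < DNS_HDR_LEN) return 0;            /* header itself short */
    if (dns_name_unpack(sample_full, len, &off, name, sizeof name) != 0)
        return 0;
    return strcmp(name, expected) == 0;
}
```

A message cut off right after the 12-byte header, the case this advisory describes, is rejected by the length check on the first label byte instead of stopping the process.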
CHARACTERISTICS
– Identifiers: BID-37522, VIGILANCE-VUL-9322
– Url: http://vigilance.fr/vulnerability/Squid-denial-of-service-via-DNS-9322