Short Name |
DNS:EXPLOIT:SQUID-PROXY-DOS |
---|---|
Severity |
Medium |
Recommended |
No |
Category |
DNS |
Keywords |
Squid Proxy Malformed DNS Response DoS |
Release Date |
2005/03/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in the open-source Squid HTTP proxy. When Squid looks up a domain name in DNS for a connection to proxy, a malicious DNS server can return a malformed DNS response to crash Squid. Attackers can send a URL to users enticing them to visit the Web page (or other Internet resources) through the user's proxy. When a user attempts to view the resource, the malicious DNS server sends the malformed packet and crashes the proxy server.
A remote denial-of-service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualify Domain Name (FQDN) lookup and receives an unexpected response. The vendor reports that under the above circumstances, the affected service will crash due to an assertion error, effectively denying service to legitimate users.