Signature Detail

DNS: Squid Proxy Malformed DNS Pointer Response DoS

This signature detects attempts to exploit a known vulnerability in the open-source Squid HTTP proxy. When Squid looks up a domain name in DNS for a connection to proxy, a malicious DNS server can return a malformed DNS response to crash Squid. Attackers can send a URL to users, enticing them to visit the Web page (or other Internet resource) through the user's proxy. When a user attempts to view the resource, the malicious DNS server sends the malformed packet and crashes the proxy server.

Extended Description

A remote denial-of-service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualify Domain Name (FQDN) lookup and receives an unexpected response. The vendor reports that under the above circumstances, the affected service will crash due to an assertion error, effectively denying service to legitimate users.

Affected Products

• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Application Server WS 3
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Fedora Core1
• Red Hat Fedora Core2
• Red Hat Linux 7.3.0 I386
• Red Hat Linux 9.0.0 I386
• SGI ProPack 3.0.0
• Squid Web Proxy Cache 2.5.0 .STABLE1
• Squid Web Proxy Cache 2.5.0 .STABLE3
• Squid Web Proxy Cache 2.5.0 .STABLE4
• Squid Web Proxy Cache 2.5.0 .STABLE5
• Squid Web Proxy Cache 2.5.0 .STABLE6
• Squid Web Proxy Cache 2.5.0 .STABLE7
• Squid Web Proxy Cache 2.5.0 .STABLE8
• Ubuntu Ubuntu Linux 4.1.0 Ia32
• Ubuntu Ubuntu Linux 4.1.0 Ia64
• Ubuntu Ubuntu Linux 4.1.0 Ppc

References

• BugTraq: 12551
• CVE: CVE-2005-0446
• URL: http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert