[80720] in North American Network Operators' Group
Squid Cache DNS Lookup Spoofing Vulnerability
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Wed May 11 09:04:35 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Wed, 11 May 2005 13:02:22 GMT
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Given the recent attention to all matters of DNS cache
poisoning (real or imagined), I figured this item might
of interest to the list. I know there's a lot of Squid
Caches out there...
- ferg
[snip]
Via Secunia:
http://secunia.com/advisories/15294/
Secunia Advisory: SA15294
Release Date: 2005-05-11
Impact: Spoofing
Where: From local network
Solution Status: Vendor Patch
Software: Squid 2.x
Description:
A vulnerability has been reported in Squid, which can
be exploited by malicious people to spoof DNS lookups.
The vulnerability is caused due to an unspecified
error in the DNS client when handling DNS responses
and can be exploited to spoof DNS lookups.
The vulnerability has been reported in version 2.5
and prior.
Solution:
Apply patch for version 2.5.STABLE9:
http://www.squid-cache.org/Versi...id-2.5.STABLE9-dns_query-2.patch
Original Advisory:
http://www.squid-cache.org/Versi...ugs/#squid-2.5.STABLE9-dns_query
[snip]
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
