Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record

[Kurt Seifried <kseifried () redhat com>]

On 10/31/2011 11:21 AM, Jan Lieskovsky wrote:
> Hello Steve, vendors,
>
>   an invalid free flaw was found in the way Squid proxy caching server
> processed DNS requests, where one CNAME record pointed to another CNAME
> record pointing to an empty A-record. A remote attacker could issue a
> specially-crafted DNS request, leading to denial of service (squid
> daemon abort).
Please use CVE-2011-4096 for this issue

> Upstream bug report:
> [1] http://bugs.squid-cache.org/show_bug.cgi?id=3237
>
> Relevant upstream patch:
> [2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10384
>
> References:
> [3]
> http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html
> [4] http://bugs.squid-cache.org/show_bug.cgi?id=3237#c4
> [5] http://bugs.squid-cache.org/show_bug.cgi?id=3237#c5
> [6] https://bugzilla.redhat.com/show_bug.cgi?id=750316
>
> Could you allocate a CVE id for this? (cc-ed Henrik and Jiri
> for their opinion / comments too, if this should be considered
> a security issue or not)

I'd say so, in the past we have: CVE-2010-2951
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2951>,
CVE-2010-0639
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639>,
CVE-2009-3700
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3700>, etc. Lots
of similar ones.
> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team


-- 

-Kurt Seifried / Red Hat Security Response Team