Vigil@nce - Squid: denial of service via DNS
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send DNS packets with the TC flag set, in order to stop
the Squid proxy.
Severity: 1/4
Creation date: 25/08/2010
DESCRIPTION OF THE VULNERABILITY
The Squid proxy implements a DNS resolver, which queries DNS
servers and analyzes their answers.
The idnsSendQuery() function of the file src/dns_internal.cc sends a DNS
query. If the answer is greater than 512 bytes (TC flag on), the
query is resent using TCP. However, in that case, idnsSendQuery()
tries to resend the query on a closed socket. The assert()
function is then called, stopping the program.
An attacker controlling a malicious DNS server can therefore reply to
Squid with large (truncated) answers, in order to generate a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Squid-denial-of-service-via-DNS-9880