Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-2951

Source

Debian Bug report logs - #599709
CVE-2010-2951

Package: squid3; Maintainer for squid3 is Luigi Gangitano <luigi@debian.org>; Source for squid3 is src:squid (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 10 Oct 2010 11:24:01 UTC

Severity: grave

Tags: patch, security, upstream

Merged with 597113

Found in version squid3/3.1.6-1

Fixed in version squid3/3.1.6-1.2

Done: Ben Hutchings <ben@decadent.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#599709; Package squid3. (Sun, 10 Oct 2010 11:24:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>. (Sun, 10 Oct 2010 11:24:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: squid3
Severity: grave
Tags: security

Hi,
3.1.7 fixes a security issue:
http://marc.info/?l=squid-users&m=128263555724981&w=2

> One regression introduced with 3.1.6 when contacting IPv4-only DNS
> resolvers opens a small but exploitable DoS vulnerability. All users of
> Squid-3.1.6 are urged to upgrade to this release as soon as possible.

This has been assigned CVE-2010-2951. Lenny is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages squid3 depends on:
ii  adduser                 3.112            add and remove users and groups
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
pn  libdb4.6                <none>           (no description available)
ii  libgcc1                 1:4.4.4-9        GCC support library
ii  libldap-2.4-2           2.4.23-3         OpenLDAP libraries
ii  libpam0g                1.1.1-4          Pluggable Authentication Modules l
ii  libsasl2-2              2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra
ii  libstdc++6              4.4.4-9          The GNU Standard C++ Library v3
ii  logrotate               3.7.8-6          Log rotation utility
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 init scrip
ii  netbase                 4.42             Basic TCP/IP networking system
pn  squid3-common           <none>           (no description available)

squid3 recommends no packages.

Versions of packages squid3 suggests:
pn  resolvconf                    <none>     (no description available)
pn  smbclient                     <none>     (no description available)
pn  squid3-cgi                    <none>     (no description available)
pn  squidclient                   <none>     (no description available)

Information forwarded to debian-bugs-dist@lists.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#599709; Package squid3. (Mon, 11 Oct 2010 11:12:03 GMT) (full text, mbox, link).

Acknowledgement sent to Amos Jeffries <squid3@treenet.co.nz>:
Extra info received and forwarded to list. Copy sent to Luigi Gangitano <luigi@debian.org>. (Mon, 11 Oct 2010 11:12:03 GMT) (full text, mbox, link).

Message #10 received at 599709@bugs.debian.org (full text, mbox, reply):

This is a duplicate of Debian bug 597113.

Information forwarded to debian-bugs-dist@lists.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#599709; Package squid3. (Sun, 17 Oct 2010 15:30:07 GMT) (full text, mbox, link).

Acknowledgement sent to ddaniels@umalumni.mb.ca:
Extra info received and forwarded to list. Copy sent to Luigi Gangitano <luigi@debian.org>. (Sun, 17 Oct 2010 15:30:07 GMT) (full text, mbox, link).

Message #15 received at 599709@bugs.debian.org (full text, mbox, reply):

tags 599709 + upstream patch
tags 597113 + upstream patch
thanks
I think it's fair to tag these patch given it seems upstream has fixed
this problem in the next minor release after the one Debian has.

I'm taking the liberty of tagging these since they're more than 5 days
old, one's RC, and I think we're getting closer to release so more RC bug
information is useful.

Thanks,

     Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html

Added tag(s) upstream and patch. Request was from "Drew Scott Daniels" <ddaniels@umalumni.mb.ca> to control@bugs.debian.org. (Sun, 17 Oct 2010 15:30:10 GMT) (full text, mbox, link).

Forcibly Merged 597113 599709. Request was from Ben Hutchings <ben@decadent.org.uk> to control@bugs.debian.org. (Sat, 30 Oct 2010 15:36:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#599709; Package squid3. (Sat, 30 Oct 2010 15:39:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Luigi Gangitano <luigi@debian.org>. (Sat, 30 Oct 2010 15:39:03 GMT) (full text, mbox, link).

Message #24 received at 599709@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

diff -u squid3-3.1.6/debian/changelog squid3-3.1.6/debian/changelog
--- squid3-3.1.6/debian/changelog
+++ squid3-3.1.6/debian/changelog
@@ -1,3 +1,11 @@
+squid3 (3.1.6-1.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix DoS while processing large DNS replies with no IPv6 resolver present
+    (CVE-2010-2951) (Closes: #599709)
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 30 Oct 2010 17:00:55 +0200
+
 squid3 (3.1.6-1.1) unstable; urgency=high
 
   * Non-maintainer upload by the security team
diff -u squid3-3.1.6/debian/patches/00list squid3-3.1.6/debian/patches/00list
--- squid3-3.1.6/debian/patches/00list
+++ squid3-3.1.6/debian/patches/00list
@@ -4,0 +5 @@
+17-CVE-2010-2951
only in patch4:
unchanged:
--- squid3-3.1.6.orig/debian/patches/17-CVE-2010-2951.dpatch
+++ squid3-3.1.6/debian/patches/17-CVE-2010-2951.dpatch
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 17-CVE-2010-2951.dpatch by Stephen Thorne <stephen@thorne.id.au>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Bug 3021: Large DNS reply causes crash when no ipv6 resolver present
+
+@DPATCH@
+
+--- a/src/dns_internal.cc
++++ b/src/dns_internal.cc
+@@ -843,14 +843,16 @@
+ 
+     } while ( (x<0 && y<0) && q->nsends % nns != 0);
+ 
+-    if (y >= 0) {
+-        fd_bytes(DnsSocketB, y, FD_WRITE);
+-        commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
+-    }
++    if (!q->need_vc) {
++        if (y >= 0) {
++            fd_bytes(DnsSocketB, y, FD_WRITE);
++            commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
++        }
+ 
+-    if (x >= 0) {
+-        fd_bytes(DnsSocketA, x, FD_WRITE);
+-        commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++        if (x >= 0) {
++            fd_bytes(DnsSocketA, x, FD_WRITE);
++            commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++        }
+     }
+ 
+     nameservers[ns].nqueries++;
--- END ---

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

[signature.asc (application/pgp-signature, inline)]

Reply sent to Ben Hutchings <ben@decadent.org.uk>:
You have taken responsibility. (Sat, 30 Oct 2010 15:51:06 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 30 Oct 2010 15:51:07 GMT) (full text, mbox, link).

Message #29 received at 599709-close@bugs.debian.org (full text, mbox, reply):

Source: squid3
Source-Version: 3.1.6-1.2

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:

squid-cgi_3.1.6-1.2_i386.deb
  to main/s/squid3/squid-cgi_3.1.6-1.2_i386.deb
squid3-common_3.1.6-1.2_all.deb
  to main/s/squid3/squid3-common_3.1.6-1.2_all.deb
squid3-dbg_3.1.6-1.2_i386.deb
  to main/s/squid3/squid3-dbg_3.1.6-1.2_i386.deb
squid3_3.1.6-1.2.diff.gz
  to main/s/squid3/squid3_3.1.6-1.2.diff.gz
squid3_3.1.6-1.2.dsc
  to main/s/squid3/squid3_3.1.6-1.2.dsc
squid3_3.1.6-1.2_i386.deb
  to main/s/squid3/squid3_3.1.6-1.2_i386.deb
squidclient_3.1.6-1.2_i386.deb
  to main/s/squid3/squidclient_3.1.6-1.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 599709@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <ben@decadent.org.uk> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Oct 2010 17:00:55 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all i386
Version: 3.1.6-1.2
Distribution: unstable
Urgency: low
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description: 
 squid-cgi  - A full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3     - A full featured Web Proxy cache (HTTP proxy)
 squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 599709
Changes: 
 squid3 (3.1.6-1.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix DoS while processing large DNS replies with no IPv6 resolver present
     (CVE-2010-2951) (Closes: #599709)
Checksums-Sha1: 
 8d2c3575bbddc36616eb245f0254db405a1943dd 1901 squid3_3.1.6-1.2.dsc
 5bdd5e18b202195d168a7e5aa971380edec574a1 19326 squid3_3.1.6-1.2.diff.gz
 454517b1080d4ed7dc1b23ff4a7b91373db237bc 193340 squid3-common_3.1.6-1.2_all.deb
 6ca9a3f47d1e3eecc320f96431537b21be50d919 1447238 squid3_3.1.6-1.2_i386.deb
 ce6a56eee633de000427d71071eec352939cae94 5516202 squid3-dbg_3.1.6-1.2_i386.deb
 e68abf039f435526bc9a5d209d987ad88b49931b 105092 squidclient_3.1.6-1.2_i386.deb
 6d25bfcc18200cd9c52db573fd13233223f3400a 107354 squid-cgi_3.1.6-1.2_i386.deb
Checksums-Sha256: 
 89c3685bcfbdb55e3fdb12438a8ac4fe9deebd8f13f2cfa8f79cc3dcfb1ac3d9 1901 squid3_3.1.6-1.2.dsc
 24a90f4c48129e778df41cf791d7b22f5524409b72c07e210ff5699291a126ea 19326 squid3_3.1.6-1.2.diff.gz
 51cbed50dff3a86e2a26c14c3983cfad5c79e23c09f952fed0bb80dfcebbfd89 193340 squid3-common_3.1.6-1.2_all.deb
 e909c704d23f8022c84d0feb8708aa3ea1084f0e95cbd59e7fee596eafd5cf6a 1447238 squid3_3.1.6-1.2_i386.deb
 e0b491d162358bad74ae9ae5ba4561015bbb9f9faa6869fb2eef1c77ae10dc7f 5516202 squid3-dbg_3.1.6-1.2_i386.deb
 908ee4a666507d7999e4df0d6e6b2ecb271624945c9e1b5502e25ca868b1bcd6 105092 squidclient_3.1.6-1.2_i386.deb
 a0b33d5a2aeaa695aeecd18abe05d8cddb4fcaaa3e89d182e810fc3381b2c03b 107354 squid-cgi_3.1.6-1.2_i386.deb
Files: 
 43e13c9180d9acf8284ea16f5664d05b 1901 web optional squid3_3.1.6-1.2.dsc
 5452e05438d27ad06e6a263307ff8f64 19326 web optional squid3_3.1.6-1.2.diff.gz
 970d4736437382743d9fe05402a44986 193340 web optional squid3-common_3.1.6-1.2_all.deb
 dfe5c39ca1ddc4008301c20b4ba0eb8a 1447238 web optional squid3_3.1.6-1.2_i386.deb
 8aed6a82b5623bbf434efa89b78418e7 5516202 debug extra squid3-dbg_3.1.6-1.2_i386.deb
 5e3b63f54c638362b370adaa081d2bf4 105092 web optional squidclient_3.1.6-1.2_i386.deb
 903223ae2572d34f7337b8907c9d29e1 107354 web optional squid-cgi_3.1.6-1.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTMw7A+e/yOyVhhEJAQqopw/+NRSAm9nStcsu7GLoFXoz3cOjdz4aUdVO
A8jZpws02CT4xyszE0CBVpX4WlQP9c/cFjIc4SZEszTFa58krpSHx+HbjwYd6xEl
liyj1g29DGSllpndC9hG8ooeH8ug6ENWcPKL8iDsyduzF9slt793IWdTmKJA/I8C
MK1BaZER62o+K5z0GMxF2WKVRsHMuQ5iXdU8TvzhMmD+IWnsUk4MSTxQQ2VoONQM
aMDClO9Yc13JW6cj29Bv3Gy6zY6Zb1IulsSAtm/1V656TNs+17HfYuCVIRKpf/EQ
yrCRktiQsdjp2CXc56pGwfhZNv3OlB9phEGwOsW2BuMF4mHrJ0WzC2L6wPQROiEo
vtedFBfMutq7+FWmtrwAIq7YNJ0EBI6q8EU9ontlmkYc821NRQchjUxm0bbrMEHd
0X92uUX3UBzUAzUZcreoDk1l4uDqeJaQ23IXckUhK7cfVlg2pKqHuO6vogusfkZH
DIyUcHdIW1HwUteBn99SL7K/uwURN51JcvdJau39GxImUuAlmZQiiDUp1KZI6CDm
E1FHYeXsp0WDEoIbT9RcARGoRHORq3G0wpNcLoLsCKng/AloZKvrkuWIWr5mb0L8
ZxzdHYnmhQZAXnHFLbm2/ubu+un4VpVWcMR9uMSr/HMQ6jV7HtlyYXy2ap5ChG0n
y3EoEBoqAxk=
=osrc
-----END PGP SIGNATURE-----

Reply sent to Ben Hutchings <ben@decadent.org.uk>:
You have taken responsibility. (Sat, 30 Oct 2010 15:51:07 GMT) (full text, mbox, link).

Notification sent to sacrificial-spam-address@horizon.com:
Bug acknowledged by developer. (Sat, 30 Oct 2010 15:51:07 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 08 Dec 2010 07:31:22 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:52:19 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2951

Debian Bug report logs - #599709
CVE-2010-2951

Vulmon Search

About

Products

Connect

CVE-2010-2951

Debian Bug report logs - #599709 CVE-2010-2951

Vulmon Search

About

Products

Connect

Debian Bug report logs - #599709
CVE-2010-2951