Published: 12/10/2010 Updated: 13/10/2010

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid-cache squid 3.1.6

Debian Bug report logs - #599709 CVE-2010-2951 Package: squid3; Maintainer for squid3 is Luigi Gangitano <luigi@debianorg>; Source for squid3 is src:squid (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Oct 2010 11:24:01 UTC Severity: grave Tags: patch, security, upstream Merged ...

NVD-CWE-Other http://www.openwall.com/lists/oss-security/2010/08/25/2 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch http://www.openwall.com/lists/oss-security/2010/08/24/6 http://www.openwall.com/lists/oss-security/2010/08/25/6 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://marc.info/?l=squid-users&m=128263555724981&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=626927 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599709 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2951

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect