• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Squid Proxy DNS Name Resolver Remote Denial Of Service Vulnerability

Severity: MODERATE

Description:

Squid Proxy is a freely available, open-source, web-proxy software package. It is designed for use on UNIX and Linux platforms.

A remote denial-of-service vulnerability exists in Squid. The issue presents itself when the affected server performs a Fully Qualify Domain Name (FQDN) lookup and receives an unexpected response. The vendor reports that under the above circumstances, the affected service will crash due to an assertion error, effectively denying service to legitimate users.

Reports indicate that the risk of this vulnerability is reduced when the 'log_fqdn off' option is set. It is reported that this option is set by default.

This vulnerability resides in versions of Squid from Squid-2.5.STABLE5 to 2.5.STABLE8.

Affected Products:

• Conectiva Linux 10.0.0
• Conectiva Linux 9.0.0
• Easy Software Products CUPS 1.1.20
• Gentoo Linux
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Linux Mandrake 10.0.0
• MandrakeSoft Linux Mandrake 10.0.0 amd64
• MandrakeSoft Linux Mandrake 10.1.0 x86_64
• MandrakeSoft Linux Mandrake 9.1.0
• MandrakeSoft Linux Mandrake 9.1.0 ppc
• MandrakeSoft Linux Mandrake 9.2.0
• MandrakeSoft Linux Mandrake 9.2.0 amd64
• OpenPKG OpenPKG 1.3.0
• OpenPKG OpenPKG 2.0.0
• OpenPKG OpenPKG Current
• RedHat Advanced Workstation for the Itanium Processor 2.1.0
• RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• RedHat Application Server WS 3
• RedHat Desktop 3.0.0
• RedHat Enterprise Linux AS 2.1
• RedHat Enterprise Linux AS 2.1 IA64
• RedHat Enterprise Linux AS 3
• RedHat Enterprise Linux ES 2.1
• RedHat Enterprise Linux ES 2.1 IA64
• RedHat Enterprise Linux ES 3
• RedHat Enterprise Linux WS 3
• RedHat Fedora Core1
• RedHat Fedora Core2
• RedHat Fedora Core3
• RedHat Linux 7.3.0 i386
• RedHat Linux 9.0.0 i386
• S.u.S.E. Linux Personal 8.2.0
• S.u.S.E. Linux Personal 9.0.0
• S.u.S.E. Linux Personal 9.0.0 x86_64
• S.u.S.E. Linux Personal 9.1.0
• S.u.S.E. Linux Personal 9.1.0 x86_64
• S.u.S.E. Linux Personal 9.2.0
• S.u.S.E. Linux Personal 9.2.0 x86_64
• SGI ProPack 3.0.0
• Squid Web Proxy Cache 2.5.0 .STABLE1
• Squid Web Proxy Cache 2.5.0 .STABLE3
• Squid Web Proxy Cache 2.5.0 .STABLE4
• Squid Web Proxy Cache 2.5.0 .STABLE5
• Squid Web Proxy Cache 2.5.0 .STABLE6
• Squid Web Proxy Cache 2.5.0 .STABLE7
• Squid Web Proxy Cache 2.5.0 .STABLE8
• Trustix Secure Linux 2.0.0
• Trustix Secure Linux 2.1.0
• Turbolinux Appliance Server 1.0.0 Hosting Edition
• Turbolinux Appliance Server 1.0.0 Workgroup Edition
• Turbolinux Appliance Server Hosting Edition 1.0.0
• Turbolinux Appliance Server Workgroup Edition 1.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 7.0.0
• Turbolinux Turbolinux Server 8.0.0
• Turbolinux Turbolinux Workstation 7.0.0
• Turbolinux Turbolinux Workstation 8.0.0
• Ubuntu Ubuntu Linux 4.1.0 ia32
• Ubuntu Ubuntu Linux 4.1.0 ia64
• Ubuntu Ubuntu Linux 4.1.0 ppc
• Ubuntu Ubuntu Linux 5.0.0 4 amd64
• Ubuntu Ubuntu Linux 5.0.0 4 i386
• Ubuntu Ubuntu Linux 5.0.0 4 powerpc
• Xpdf Xpdf 3.0.0 0
• libpng libpng 1.0.15
• libpng libpng3 1.2.5

References:

• RedHat: RHSA-2005:173-09 - squid security update
• Squid: Assertion failure on certain odd DNS responses
• Squid: Bugzilla Bug 1234 util.c:612: xstrndup: Assertion `n' failed.

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.