DNS: Squid Proxy Malformed DNS Pointer Response DoS

This signature detects attempts to exploit a known vulnerability in the open-source Squid HTTP proxy. When Squid looks up a domain name in DNS on behalf of a proxied connection, a malicious DNS server can return a malformed DNS response that crashes Squid. Attackers can send a URL to users, enticing them to visit the Web page (or other Internet resource) through their proxy. When a user attempts to view the resource, the malicious DNS server sends the malformed packet and crashes the proxy server.

Extended Description

A remote denial-of-service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response. The vendor reports that under these circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users.

Affected Products

Squid web_proxy_cache

Short Name
DNS:EXPLOIT:SQUID-PROXY-PTR-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
DNS
Keywords
CVE-2005-0446 DNS DoS Malformed Pointer Proxy Response Squid bid:12551
Release Date
03/09/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Sgi

Squid

Ubuntu

CVSS Score

5.0
