Squid DNS Packet Processing Denial of Service Vulnerability

Secunia ID	SA38451
CVE-ID	CVE-2010-0308
Release Date	01 Feb 2010
Last Change	02 Feb 2010
Criticality	Less Critical
Solution Status	Vendor Patch
Software	Squid 3.x
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Description	A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error when processing certain DNS packets, which can be exploited by e.g. sending header-only DNS packets. Successful exploitation requires that the attacker knows Squid's receiving port.
Solution	Update to Squid 3.0.STABLE22 or apply patch. http://www.squid-cache.org/Download/ Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9151.patch NOTE: The vulnerability can be partially mitigated by setting the "ignore_unknown_nameservers" option to "on" (default).
Reported by	Fabian Yamaguchi
Original Advisory	Squid: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt Fabian Yamaguchi: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf