Vulnerabilities > CVE-2005-0446 - Remote Denial Of Service vulnerability in Squid Proxy DNS Name Resolver

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
squid
nessus
NVD
Published: 2005-05-02
Updated: 2017-10-11

Summary

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

Vulnerable Configurations

Part Description Count
Application
Squid
59

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-153.NASL
    descriptionThis update fixes CVE-2005-0446 Squid DoS from bad DNS response Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19614
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19614
    titleFedora Core 2 : squid-2.5.STABLE8-1.FC2.1 (2005-153)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-25 (Squid: Denial of Service through DNS responses) Handling of certain DNS responses trigger assertion failures. Impact : By returning a specially crafted DNS response an attacker could cause Squid to crash by triggering an assertion failure. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17144
    published2005-02-18
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17144
    titleGLSA-200502-25 : Squid: Denial of Service through DNS responses
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-201.NASL
    descriptionAn updated squid package that fixes a denial of service issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid handles fully qualified domain name (FQDN) lookups. A malicious DNS server could crash Squid by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. This erratum also includes two minor patches to the LDAP helpers. One corrects a slight malformation in ldap search requests (although all known LDAP servers accept the requests). The other adds documentation for the -v option to the ldap helpers. Users of Squid should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id17340
    published2005-03-16
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17340
    titleRHEL 4 : squid (RHSA-2005:201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_008.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:008 (squid). Squid is an Open Source web proxy. A remote attacker was potentially able to crash the Squid web proxy if the log_fqdn option was set to
    last seen2020-06-01
    modified2020-06-02
    plugin id17198
    published2005-02-23
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17198
    titleSUSE-SA:2005:008: squid
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-154.NASL
    descriptionThis update fixes CVE-2005-0446 Squid DoS from bad DNS response Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19615
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19615
    titleFedora Core 3 : squid-2.5.STABLE8-1.FC3.1 (2005-154)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-212.NASL
    descriptionAn updated dhcp package that fixes a string format issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows devices to get their own network configuration information from a server. A bug was found in the way dhcpd logs error messages. A malicious DNS server could send a carefully crafted DNS reply and cause dhcpd to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. All users of dhcp should upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18018
    published2005-04-12
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18018
    titleRHEL 2.1 : dhcp (RHSA-2005:212)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5BF1A715CC57440FB0A56406961C54A7.NASL
    descriptionThe Squid team reported several denial-of-service vulnerabilities related to the handling of DNS responses and NT Lan Manager messages. These may allow an attacker to crash the Squid cache.
    last seen2020-06-01
    modified2020-06-02
    plugin id18947
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18947
    titleFreeBSD : squid -- denial-of-service vulnerabilities (5bf1a715-cc57-440f-b0a5-6406961c54a7)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-688.NASL
    descriptionUpstream developers have discovered several problems in squid, the Internet object cache, the popular WWW proxy cache. A remote attacker can cause squid to crash via certain DNS responses.
    last seen2020-06-01
    modified2020-06-02
    plugin id17196
    published2005-02-23
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17196
    titleDebian DSA-688-1 : squid - missing input sanitising
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-173.NASL
    descriptionUpdated squid packages that fix a denial of service issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team Squid is a full-featured Web proxy cache. A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0446 to this issue. Users of squid should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id17264
    published2005-03-04
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17264
    titleRHEL 2.1 / 3 : squid (RHSA-2005:173)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-047.NASL
    descriptionThe squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id17216
    published2005-02-25
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17216
    titleMandrake Linux Security Advisory : squid (MDKSA-2005:047)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-84-1.NASL
    descriptionWhen parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way. This could allow remote attackers to bypass intended ACLs. (CAN-2005-0194) A remote Denial of Service vulnerability was discovered in the domain name resolution code. A faulty or malicious DNS server could stop the Squid server immediately by sending a malformed IP address. (CAN-2005-0446). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20709
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20709
    titleUbuntu 4.10 : squid vulnerabilities (USN-84-1)

Oval

accepted2013-04-29T04:12:46.429-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionSquid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
familyunix
idoval:org.mitre.oval:def:11264
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleSquid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
version26

Redhat

advisories
  • rhsa
    idRHSA-2005:173
  • rhsa
    idRHSA-2005:201
rpms
  • squid-7:2.5.STABLE3-6.3E.8
  • squid-debuginfo-7:2.5.STABLE3-6.3E.8
  • squid-7:2.5.STABLE6-3.4E.5
  • squid-debuginfo-7:2.5.STABLE6-3.4E.5

References