The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Squid | Squid-cache | * | 3.1.15 (including) |
| Squid | Squid-cache | 3.0 (including) | 3.0 (including) |
| Squid | Squid-cache | 3.0-rc1 (including) | 3.0-rc1 (including) |
| Squid | Squid-cache | 3.0-rc4 (including) | 3.0-rc4 (including) |
| Squid | Squid-cache | 3.0.stable1 (including) | 3.0.stable1 (including) |
| Squid | Squid-cache | 3.0.stable2 (including) | 3.0.stable2 (including) |
| Squid | Squid-cache | 3.0.stable3 (including) | 3.0.stable3 (including) |
| Squid | Squid-cache | 3.0.stable4 (including) | 3.0.stable4 (including) |
| Squid | Squid-cache | 3.0.stable5 (including) | 3.0.stable5 (including) |
| Squid | Squid-cache | 3.0.stable6 (including) | 3.0.stable6 (including) |
| Squid | Squid-cache | 3.0.stable7 (including) | 3.0.stable7 (including) |
| Squid | Squid-cache | 3.0.stable8 (including) | 3.0.stable8 (including) |
| Squid | Squid-cache | 3.0.stable9 (including) | 3.0.stable9 (including) |
| Squid | Squid-cache | 3.0.stable10 (including) | 3.0.stable10 (including) |
| Squid | Squid-cache | 3.0.stable11 (including) | 3.0.stable11 (including) |
| Squid | Squid-cache | 3.0.stable11-rc1 (including) | 3.0.stable11-rc1 (including) |
| Squid | Squid-cache | 3.0.stable12 (including) | 3.0.stable12 (including) |
| Squid | Squid-cache | 3.0.stable13 (including) | 3.0.stable13 (including) |
| Squid | Squid-cache | 3.0.stable14 (including) | 3.0.stable14 (including) |
| Squid | Squid-cache | 3.0.stable15 (including) | 3.0.stable15 (including) |
| Squid | Squid-cache | 3.0.stable16 (including) | 3.0.stable16 (including) |
| Squid | Squid-cache | 3.0.stable16-rc1 (including) | 3.0.stable16-rc1 (including) |
| Squid | Squid-cache | 3.0.stable17 (including) | 3.0.stable17 (including) |
| Squid | Squid-cache | 3.0.stable18 (including) | 3.0.stable18 (including) |
| Squid | Squid-cache | 3.0.stable19 (including) | 3.0.stable19 (including) |
| Squid | Squid-cache | 3.0.stable20 (including) | 3.0.stable20 (including) |
| Squid | Squid-cache | 3.0.stable21 (including) | 3.0.stable21 (including) |
| Squid | Squid-cache | 3.0.stable22 (including) | 3.0.stable22 (including) |
| Squid | Squid-cache | 3.0.stable23 (including) | 3.0.stable23 (including) |
| Squid | Squid-cache | 3.0.stable24 (including) | 3.0.stable24 (including) |
| Squid | Squid-cache | 3.0.stable25 (including) | 3.0.stable25 (including) |
| Squid | Squid-cache | 3.1 (including) | 3.1 (including) |
| Squid | Squid-cache | 3.1.0.1 (including) | 3.1.0.1 (including) |
| Squid | Squid-cache | 3.1.0.2 (including) | 3.1.0.2 (including) |
| Squid | Squid-cache | 3.1.0.3 (including) | 3.1.0.3 (including) |
| Squid | Squid-cache | 3.1.0.4 (including) | 3.1.0.4 (including) |
| Squid | Squid-cache | 3.1.0.5 (including) | 3.1.0.5 (including) |
| Squid | Squid-cache | 3.1.0.6 (including) | 3.1.0.6 (including) |
| Squid | Squid-cache | 3.1.0.7 (including) | 3.1.0.7 (including) |
| Squid | Squid-cache | 3.1.0.8 (including) | 3.1.0.8 (including) |
| Squid | Squid-cache | 3.1.0.9 (including) | 3.1.0.9 (including) |
| Squid | Squid-cache | 3.1.0.10 (including) | 3.1.0.10 (including) |
| Squid | Squid-cache | 3.1.0.11 (including) | 3.1.0.11 (including) |
| Squid | Squid-cache | 3.1.0.12 (including) | 3.1.0.12 (including) |
| Squid | Squid-cache | 3.1.0.13 (including) | 3.1.0.13 (including) |
| Squid | Squid-cache | 3.1.0.14 (including) | 3.1.0.14 (including) |
| Squid | Squid-cache | 3.1.0.15 (including) | 3.1.0.15 (including) |
| Squid | Squid-cache | 3.1.0.16 (including) | 3.1.0.16 (including) |
| Squid | Squid-cache | 3.1.0.17 (including) | 3.1.0.17 (including) |
| Squid | Squid-cache | 3.1.0.18 (including) | 3.1.0.18 (including) |
| Squid | Squid-cache | 3.1.1 (including) | 3.1.1 (including) |
| Squid | Squid-cache | 3.1.2 (including) | 3.1.2 (including) |
| Squid | Squid-cache | 3.1.3 (including) | 3.1.3 (including) |
| Squid | Squid-cache | 3.1.4 (including) | 3.1.4 (including) |
| Squid | Squid-cache | 3.1.5 (including) | 3.1.5 (including) |
| Squid | Squid-cache | 3.1.5.1 (including) | 3.1.5.1 (including) |
| Squid | Squid-cache | 3.1.6 (including) | 3.1.6 (including) |
| Squid | Squid-cache | 3.1.7 (including) | 3.1.7 (including) |
| Squid | Squid-cache | 3.1.8 (including) | 3.1.8 (including) |
| Squid | Squid-cache | 3.1.9 (including) | 3.1.9 (including) |
| Squid | Squid-cache | 3.1.10 (including) | 3.1.10 (including) |
| Squid | Squid-cache | 3.1.11 (including) | 3.1.11 (including) |
| Squid | Squid-cache | 3.1.12 (including) | 3.1.12 (including) |
| Squid | Squid-cache | 3.1.13 (including) | 3.1.13 (including) |
| Squid | Squid-cache | 3.1.14 (including) | 3.1.14 (including) |
| Red Hat Enterprise Linux 6 | RedHat | squid-7:3.1.10-1.el6_2.1 | * |
| Squid3 | Ubuntu | maverick | * |
| Squid3 | Ubuntu | natty | * |
| Squid3 | Ubuntu | oneiric | * |
| Squid3 | Ubuntu | upstream | * |
References
- http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://secunia.com/advisories/46609
- http://secunia.com/advisories/47459
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:193
- http://www.openwall.com/lists/oss-security/2011/10/31/5
- http://www.openwall.com/lists/oss-security/2011/11/01/3
- http://www.redhat.com/support/errata/RHSA-2011-1791.html
- http://www.securitytracker.com/id?1026265
- http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html
- http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://secunia.com/advisories/46609
- http://secunia.com/advisories/47459
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:193
- http://www.openwall.com/lists/oss-security/2011/10/31/5
- http://www.openwall.com/lists/oss-security/2011/11/01/3
- http://www.redhat.com/support/errata/RHSA-2011-1791.html
- http://www.securitytracker.com/id?1026265
- http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html