CVE-2010-2951
Priority
Medium
Description
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled,
accesses an invalid socket during an IPv4 TCP DNS query, which allows
remote attackers to cause a denial of service (assertion failure and daemon
exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
accesses an invalid socket during an IPv4 TCP DNS query, which allows
remote attackers to cause a denial of service (assertion failure and daemon
exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
Notes
jdstrand> per upstream, 3.1 only
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (3.0.STABLE19-1) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (3.1.6-1.2ubuntu1) |
Patches:
| Debdiff: | https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/718127 |