|Bugzilla:||556389: CVE-2010-0308 squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)|
The MITRE CVE dictionary describes this issue as:
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 188.8.131.52 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0308
This issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:
The Red Hat Security Response Team has rated this issue as having low security impact, a future squid update may address this flaw in Red Hat Enterprise Linux 3 and 4.
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 5 (squid)||RHSA-2010:0221||March 29, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.