From: Thomas-Martin Seck
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: ports-security@FreeBSD.org
Date: 1 Feb 2010 20:08:57 -0000
Message-Id: <20100201200857.38567.qmail@wcfields.tmseck.homedns.org>
Subject: ports/143451: [Maintainer] [Security] www/squid: Advisory 2010:1 - Denial of Service vulnerability

>Number: 143451
>Category: ports
>Synopsis: [Maintainer] [Security] www/squid: Advisory 2010:1 - Denial of Service vulnerability
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 01 20:10:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 8.0-RELEASE amd64
>Organization: a private site in Germany
>Environment: FreeBSD ports collection as of February 1, 2010.
>Description:

Squid advisory 2010:1 notes that all versions of Squid are vulnerable to a denial of service attack via untrusted DNS servers/resolvers.

Updated versions of www/squid30 and www/squid31 do not build, unfortunately. I have informed the upstream maintainer and will update www/squid30 and www/squid31 as soon as I have received and tested fixes for the build errors.

Added file: files/patch-squid-advisory-2010:1

Proposed VuXML entry, note that these include the fixed 3.0.22 and 3.1.0.16 versions which are not yet available as ports. Feel free to modify these entries to show that no fix is yet available in the Ports Collection:

squid -- Denial of Service vulnerability in DNS handling
squid
2.7.1 2.7.7_3
3.0.1 3.0.22
3.1.0.1 3.1.0.16

Squid security advisory 2010:1 reports:

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets.

This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term denial of service attack on the Squid service.

http://www.squid-cache.org/Advisories/SQUID-2010_1.txt 2010-01-14
>How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid) (Revision 1744) +++ Makefile (.../local/squid) (Revision 1744) @@ -76,7 +76,7 @@ PORTNAME= squid PORTVERSION= 2.7.${SQUID_STABLE_VER} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ Index: files/patch-squid-advisory-2010:1 =================================================================== --- files/patch-squid-advisory-2010:1 (.../www/squid) (Revision 0) +++ files/patch-squid-advisory-2010:1 (.../local/squid) (Revision 1744) @@ -0,0 +1,38 @@ +FreeBSD-Patch for Squid-Advisory 2010:1, prepared by Thomas-Martin Seck, +, 2010-02-01. + +Removed one directory level and the first hunk with CVS meta-information +from the original patch. The original patch can be downloaded from: +http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch + +--------------------- +PatchSet 12597 +Date: 2010/01/15 11:40:30 +Author: amosjeffries +Branch: HEAD +Tag: (none) +Log: +Handle DNS header-only packets as invalid. + +Members: + lib/rfc1035.c:1.30->1.31 + +Index: lib/rfc1035.c +=================================================================== +RCS file: /cvsroot/squid/squid/lib/rfc1035.c,v +retrieving revision 1.30 +retrieving revision 1.31 +diff -u -r1.30 -r1.31 +--- lib/rfc1035.c 15 Jun 2008 03:49:55 -0000 1.30 ++++ lib/rfc1035.c 15 Jan 2010 11:40:30 -0000 1.31 +@@ -286,7 +286,9 @@ + size_t len; + assert(ns > 0); + do { +- assert((*off) < sz); ++ if ((*off) >= sz) { ++ return 1; ++ } + c = *(buf + (*off)); + if (c > 191) { + /* blasted compression */ >Release-Note: >Audit-Trail: >Unformatted:
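Review bot: In the Makefile hunk, the bump from PORTREVISION= 2 to PORTREVISION= 3 is what the proposed VuXML bound 2.7.7_3 relies on, but SQUID_STABLE_VER is outside the visible context. Confirm it expands to 7, so that the package version produced by this change is exactly the first version the VuXML entry marks as fixed; otherwise patched installs would still be flagged, or unpatched ones missed.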
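Review bot: In the lib/rfc1035.c hunk at line 286, the new `if ((*off) >= sz) { return 1; }` bounds only the single-byte read `c = *(buf + (*off));` at the top of the loop. The `if (c > 191)` compression branch that follows is cut off by the context, and a compression pointer occupies two bytes, so check that the read of the second byte is compared against sz in the same way and does not still depend on an assert. The `assert(ns > 0);` just above the loop is left in place; it is worth confirming that ns can never be derived from packet contents. Callers must also treat the new return value of 1 as a parse failure, which the embedded log ("Handle DNS header-only packets as invalid.") implies but the visible lines do not show.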
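The failure mode the advisory and the patch log describe (a reply that ends right after the 12-byte DNS header) is shown here as an added C example, not code from the original report or from Squid: a question-name parser that returns an error instead of asserting. The function names and both sample packets are constructed for illustration, and compression pointers are rejected rather than followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12  /* fixed DNS header size, RFC 1035 */

/* Constructed sample: 12-byte header claiming one question, no body. */
static const uint8_t HEADER_ONLY[] = {0x12,0x34,0x81,0x80,0,1,0,0,0,0,0,0};
/* Constructed sample: same header plus "example.com", type A, class IN. */
static const uint8_t WITH_QUESTION[] = {0x12,0x34,0x81,0x80,0,1,0,0,0,0,0,0,
    7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,1,0,1};

/* Hypothetical helper, not Squid's rfc1035.c: copy the labels of an
 * uncompressed name at *off into out. Returns 0 on success and 1 on any
 * truncated or malformed input; it never aborts the process. */
static int name_unpack(const uint8_t *buf, size_t sz, size_t *off,
                       char *out, size_t outsz)
{
    size_t n = 0;
    for (;;) {
        if (*off >= sz) return 1;        /* header-only or truncated packet */
        uint8_t len = buf[(*off)++];
        if (len == 0) break;             /* root label terminates the name */
        if (len > 63) return 1;          /* pointer/reserved: rejected here */
        if (len > sz - *off || n + len + 1 >= outsz) return 1;
        memcpy(out + n, buf + *off, len);
        n += len;
        *off += len;
        out[n++] = '.';
    }
    out[n] = '\0';
    return 0;
}

/* Extract the first question name of a reply; 0 on success, 1 if invalid. */
int first_question_name(const uint8_t *pkt, size_t sz, char *out, size_t outsz)
{
    if (sz < DNS_HDR_LEN || outsz == 0) return 1;
    if (((pkt[4] << 8) | pkt[5]) == 0) return 1;   /* QDCOUNT must be > 0 */
    size_t off = DNS_HDR_LEN;
    return name_unpack(pkt, sz, &off, out, outsz);
}

int main(void)
{
    char name[256];
    int bad = first_question_name(HEADER_ONLY, sizeof HEADER_ONLY, name, sizeof name);
    int ok = first_question_name(WITH_QUESTION, sizeof WITH_QUESTION, name, sizeof name);
    return (bad == 1 && ok == 0 && strcmp(name, "example.com.") == 0) ? 0 : 1;
}
```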