Vulnerability Description
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.1.6 |
References
- http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072Patch
- http://bugs.gentoo.org/show_bug.cgi?id=334263
- http://bugs.squid-cache.org/show_bug.cgi?id=3009
- http://bugs.squid-cache.org/show_bug.cgi?id=3021
- http://marc.info/?l=squid-users&m=128263555724981&w=2PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2010/08/24/6
- http://www.openwall.com/lists/oss-security/2010/08/24/7
- http://www.openwall.com/lists/oss-security/2010/08/25/2Patch
- http://www.openwall.com/lists/oss-security/2010/08/25/6
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patchPatch
- https://bugzilla.redhat.com/show_bug.cgi?id=626927
- http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072Patch
- http://bugs.gentoo.org/show_bug.cgi?id=334263
- http://bugs.squid-cache.org/show_bug.cgi?id=3009
- http://bugs.squid-cache.org/show_bug.cgi?id=3021
FAQ
What is CVE-2010-2951?
CVE-2010-2951 is a vulnerability with a CVSS score of 5.0 (MEDIUM). dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion ...
How severe is CVE-2010-2951?
CVE-2010-2951 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2951?
Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.