CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port

Bug #907687 reported by Mahyuddin Susanto on 2011-12-22
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
squid3 (Ubuntu)
High
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned

Bug Description

Description
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.ubuntu.com/usn/usn-904-1

patch:
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch

Changed in squid3 (Ubuntu):
assignee: nobody → Mahyuddin Susanto (udienz)
status: New → In Progress
security vulnerability: no → yes
Changed in squid3 (Ubuntu):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → New
Robie Basak (racb) on 2011-12-23
Changed in squid3 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in squid3 (Ubuntu):
status: Triaged → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Only affects lucid.

Changed in squid3 (Ubuntu Maverick):
status: New → Invalid
Changed in squid3 (Ubuntu Natty):
status: New → Invalid
Changed in squid3 (Ubuntu Oneiric):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.14-1ubuntu0.1

---------------
squid3 (3.1.14-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:51:38 +0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.11-1ubuntu0.1

---------------
squid3 (3.1.11-1ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:54:02 +0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.6-1.1ubuntu1.2

---------------
squid3 (3.1.6-1.1ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:55:40 +0700

Changed in squid3 (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in squid3 (Ubuntu Natty):
status: Invalid → Fix Released
Changed in squid3 (Ubuntu Oneiric):
status: Invalid → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2

---------------
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via
    crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto <email address hidden> Wed, 18 Jan 2012 12:46:59 +0700

Changed in squid3 (Ubuntu Lucid):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers