CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.

Bug #907690 reported by Mahyuddin Susanto on 2011-12-22
Affects | Status | Importance | Assigned to | Milestone
squid3 (Ubuntu) | | High | Unassigned |
Lucid | | Undecided | Unassigned |
Maverick | | Undecided | Unassigned |
Natty | | Undecided | Unassigned |
Oneiric | | Undecided | Unassigned |

Bug Description

Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
https://bugzilla.redhat.com/show_bug.cgi?id=734583

Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch

Fixed in Version: Squid 3.0.STABLE26, 3.1.15, 3.2.0.11
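
The bug class described above (a long line in a server reply copied into a fixed-size line buffer) comes down to a missing length bound. The following C sketch is an added example, not Squid's gopher.cc code and not the upstream patch; it goes beyond the page by showing a general bounded line reader for a Gopher-style reply. The names next_line, scan_reply, sample_reply and GOPHER_LINE_CAP, and the sample reply itself, are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define GOPHER_LINE_CAP 64  /* constructed demo limit, not Squid's value */

/* Copy the line at reply[pos] into line[cap], NUL-terminated; an over-long
 * line is truncated and flagged. Returns the offset just past its '\n'. */
size_t next_line(const char *reply, size_t len, size_t pos,
                 char *line, size_t cap, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || pos >= len) return len;
    const char *start = reply + pos;
    const char *nl = memchr(start, '\n', len - pos);
    size_t linelen = nl ? (size_t)(nl - start) : len - pos;
    size_t next = nl ? pos + linelen + 1 : len;
    if (linelen > 0 && start[linelen - 1] == '\r') linelen--;  /* CRLF */
    if (linelen > cap - 1) {   /* the bound an overflowing copy lacks */
        linelen = cap - 1;
        *truncated = 1;
    }
    memcpy(line, start, linelen);
    line[linelen] = '\0';
    return next;
}

/* Walk a reply: returns line count, reports truncations and longest copy. */
int scan_reply(const char *reply, size_t len, int *n_truncated, size_t *longest)
{
    char line[GOPHER_LINE_CAP];
    size_t pos = 0;
    int n = 0, t;
    *n_truncated = 0; *longest = 0;
    while (pos < len) {
        pos = next_line(reply, len, pos, line, sizeof line, &t);
        *n_truncated += t;
        if (strlen(line) > *longest) *longest = strlen(line);
        n++;
    }
    return n;
}

/* Constructed sample: a menu line, a 300-byte line, then the "." end mark. */
size_t sample_reply(char buf[400])
{
    size_t n = strlen(strcpy(buf, "1Docs\t/docs\texample.test\t70\r\n"));
    memset(buf + n, 'A', 300);
    memcpy(buf + n + 300, "\r\n.\r\n", 5);
    return n + 305;
}
```

A nonzero truncation count is a useful signal to log or to reject the reply outright, since legitimate Gopher menu lines are short.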

Changed in squid3 (Ubuntu):
status: New → In Progress
assignee: nobody → Mahyuddin Susanto (udienz)
Mahyuddin Susanto (udienz) wrote :
security vulnerability: no → yes
Mahyuddin Susanto (udienz) wrote :
Mahyuddin Susanto (udienz) wrote :
Changed in squid3 (Ubuntu):
status: In Progress → New
assignee: Mahyuddin Susanto (udienz) → nobody
Robie Basak (racb) on 2011-12-23
Changed in squid3 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in squid3 (Ubuntu):
status: Triaged → New
Changed in squid3 (Ubuntu):
status: New → Fix Released
description: updated
Marc Deslauriers (mdeslaur) wrote :

Thanks for the debdiffs. Sorry for the delay in reviewing them.

ACK for maverick, natty and oneiric. They are being built now and will be released in a few hours.

NACK for lucid. There seems to be a line missing in the CVE-2011-3205 patch. Could you please check, and attach a fixed debdiff?

Thanks!

Changed in squid3 (Ubuntu Maverick):
status: New → Fix Committed
Changed in squid3 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in squid3 (Ubuntu Natty):
status: New → Fix Committed
Marc Deslauriers (mdeslaur) wrote :

Maverick-Oneiric have been released now, and will appear in mirrors in the next few hours.

Changed in squid3 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in squid3 (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in squid3 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in squid3 (Ubuntu Lucid):
status: New → Incomplete
Mahyuddin Susanto (udienz) wrote :

attached new debdiff for lucid-security

Changed in squid3 (Ubuntu Lucid):
status: Incomplete → New
Marc Deslauriers (mdeslaur) wrote :

debdiff looks good. ACK. I'm building the package now and will release it today.

Thanks!

Changed in squid3 (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2

---------------
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UPDATE: Fix DoS (NULL pointer dereference and daemon crash) via
    crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto <email address hidden> Wed, 18 Jan 2012 12:46:59 +0700

Changed in squid3 (Ubuntu Lucid):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.