CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port

Bug #907687 reported by Mahyuddin Susanto
This bug affects 1 person
Affects          Status        Importance  Assigned to  Milestone
squid3 (Ubuntu)  Fix Released  High        Unassigned
Lucid            Fix Released  Undecided   Unassigned
Maverick         Fix Released  Undecided   Unassigned
Natty            Fix Released  Undecided   Unassigned
Oneiric          Fix Released  Undecided   Unassigned

Bug Description

Description
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.ubuntu.com/usn/usn-904-1

patch:
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch

Changed in squid3 (Ubuntu):
assignee: nobody → Mahyuddin Susanto (udienz)
status: New → In Progress
security vulnerability: no → yes
Changed in squid3 (Ubuntu):
assignee: Mahyuddin Susanto (udienz) → nobody
status: In Progress → New
Robie Basak (racb)
Changed in squid3 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in squid3 (Ubuntu):
status: Triaged → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Only affects lucid.

Changed in squid3 (Ubuntu Maverick):
status: New → Invalid
Changed in squid3 (Ubuntu Natty):
status: New → Invalid
Changed in squid3 (Ubuntu Oneiric):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.14-1ubuntu0.1

---------------
squid3 (3.1.14-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:51:38 +0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.11-1ubuntu0.1

---------------
squid3 (3.1.11-1ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:54:02 +0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.6-1.1ubuntu1.2

---------------
squid3 (3.1.6-1.1ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
  * SECURITY UPDATE: Fix DoS (daemon abort) via DNS reply containing a CNAME
    record that references another CNAME record that contains an empty A record.
    - debian/patches/CVE-2011-4096.dpatch
    - CVE-2011-4096
 -- Mahyuddin Susanto <email address hidden> Thu, 22 Dec 2011 21:55:40 +0700

Changed in squid3 (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in squid3 (Ubuntu Natty):
status: Invalid → Fix Released
Changed in squid3 (Ubuntu Oneiric):
status: Invalid → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2

---------------
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UPDATE: Fix DoS (NULL pointer dereference and daemon crash) via
    crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto <email address hidden> Wed, 18 Jan 2012 12:46:59 +0700

Changed in squid3 (Ubuntu Lucid):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
