Bug 65895 (CVE-2005-0446) - VUL-0: CVE-2005-0446: more dos in squid
Summary: VUL-0: CVE-2005-0446: more dos in squid
Status: RESOLVED FIXED
Alias: CVE-2005-0446
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-0446: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-16 17:39 UTC by Marcus Meissner
Modified: 2021-11-30 14:56 UTC

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
squid.diff (2.02 KB, patch)
2005-02-17 16:31 UTC, Thomas Biege
squid-new.diff (1.97 KB, patch)
2005-02-17 16:32 UTC, Thomas Biege

Description Marcus Meissner 2005-02-16 17:39:30 UTC
From: Martin Schulze <joey@infodrom.org> 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
Subject: [vendor-sec] CAN-2005-0446: Denial of service in Squid 
 
FYI: 
 
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert 
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE8-dns_assert.patch 
 
Regards, 
 
        Joey
Comment 1 Marcus Meissner 2005-02-16 17:39:30 UTC
n/a
Comment 2 Thomas Biege 2005-02-17 16:31:21 UTC
Created attachment 28566
squid.diff
Comment 3 Thomas Biege 2005-02-17 16:32:22 UTC
Created attachment 28567
squid-new.diff
Comment 4 Klaus Singvogel 2005-02-17 18:24:26 UTC
Thomas, note that your patches are no good. They contain MIME encodings, e.g. 
"=3D" instead of "=". 
 
Don't see where the difference between the original and yours is?
 
But anyway, thanks for your work. 
Comment 5 Klaus Singvogel 2005-02-17 18:57:26 UTC
Note: The risk is only minor, as it can be reduced with Option "log_fqdn 
off" (the default setting) 
Comment 6 Klaus Singvogel 2005-02-17 19:26:41 UTC
New packages are submitted for all maintained SuSE versions: 
8.1 (incl. SLES8, UL, SLEC), 8.2, 9.0, 9.1 (incl. SLES, SLD), 9.2 
 
Reassigning to security-team for further processing. 
Comment 7 Thomas Biege 2005-02-17 22:42:20 UTC
Thanks. BTW, those were not my patches. :)
Comment 8 Thomas Biege 2005-02-17 23:06:00 UTC
 SM-Tracker-412 
Comment 9 Thomas Biege 2005-02-17 23:14:09 UTC
/work/src/done/PATCHINFO/squid.patch.maintained 
/work/src/done/PATCHINFO/squid.patch.box 
Comment 10 Marcus Meissner 2005-02-21 17:03:30 UTC
Fixed packages released.
Comment 11 Thomas Biege 2009-10-13 21:06:52 UTC
CVE-2005-0446: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)