-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Wednesday, May 11, 2005 4:02 PM To: [email protected] Subject: Squid Cache DNS Lookup Spoofing Vulnerability
Given the recent attention to all matters of DNS cache poisoning (real or imagined), I figured this item might of interest to the list. I know there's a lot of Squid Caches out there... - ferg [snip] Via Secunia: http://secunia.com/advisories/15294/ Secunia Advisory: SA15294 Release Date: 2005-05-11 Impact: Spoofing Where: From local network Solution Status: Vendor Patch Software: Squid 2.x Description: A vulnerability has been reported in Squid, which can be exploited by malicious people to spoof DNS lookups. The vulnerability is caused due to an unspecified error in the DNS client when handling DNS responses and can be exploited to spoof DNS lookups. The vulnerability has been reported in version 2.5 and prior. Solution: Apply patch for version 2.5.STABLE9: http://www.squid-cache.org/Versi...id-2.5.STABLE9-dns_query-2.patch Original Advisory: http://www.squid-cache.org/Versi...ugs/#squid-2.5.STABLE9-dns_query _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
