Squid Proxy Unspecified DNS Spoofing Vulnerability
BID:13592
Info
Squid Proxy Unspecified DNS Spoofing Vulnerability
| Bugtraq ID: | 13592 |
| Class: | Unknown |
| CVE: |
CVE-2005-1519 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2005 12:00AM |
| Updated: | Mar 07 2007 05:25AM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Trustix Secure Linux 2.2 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 Squid Web Proxy Cache 2.5 .STABLE9 Squid Web Proxy Cache 2.5 .STABLE8 Squid Web Proxy Cache 2.5 .STABLE7 Squid Web Proxy Cache 2.5 .STABLE6 Squid Web Proxy Cache 2.5 .STABLE5 Squid Web Proxy Cache 2.5 .STABLE4 Squid Web Proxy Cache 2.5 .STABLE3 Squid Web Proxy Cache 2.5 .STABLE1 Squid Web Proxy Cache 2.4 .STABLE7 Squid Web Proxy Cache 2.4 .STABLE6 Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 SGI ProPack 3.0 SP5 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 |
| Not Vulnerable: | |
Discussion
Squid Proxy Unspecified DNS Spoofing Vulnerability
Squid Proxy is prone to an unspecified DNS-spoofing vulnerability. This could allow malicious users to perform DNS-spoofing attacks on Squid Proxy clients on unprotected networks.
This issue affects Squid Proxy versions 2.5 and earlier.
Squid Proxy is prone to an unspecified DNS-spoofing vulnerability. This could allow malicious users to perform DNS-spoofing attacks on Squid Proxy clients on unprotected networks.
This issue affects Squid Proxy versions 2.5 and earlier.
Exploit / POC
Squid Proxy Unspecified DNS Spoofing Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Squid Proxy Unspecified DNS Spoofing Vulnerability
Solution:
Please see the referenced vendor advisories for more information and fixes.
Trustix Secure Linux 1.5
Trustix Secure Linux 2.2
Squid Web Proxy Cache 2.3 .STABLE4
Squid Web Proxy Cache 2.4 .STABLE6
Squid Web Proxy Cache 2.4 .STABLE2
Squid Web Proxy Cache 2.5 .STABLE6
Squid Web Proxy Cache 2.5 .STABLE1
Squid Web Proxy Cache 2.5 .STABLE3
Squid Web Proxy Cache 2.5 .STABLE5
Squid Web Proxy Cache 2.5 .STABLE9
Squid Web Proxy Cache 2.5 .STABLE8
Solution:
Please see the referenced vendor advisories for more information and fixes.
Trustix Secure Linux 1.5
-
Trustix kernel-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-BOOT-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-doc-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-headers-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-smp-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-source-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-utils-2.2.26-2tr.i586.rpm
TSL 1.5
ftp://ftp.trustix.org/pub/trustix/updates
Trustix Secure Linux 2.2
-
Trustix kernel-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-BOOT-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-doc-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-smp-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-source-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix kernel-utils-2.4.30-4tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates -
Trustix squid-2.5.STABLE9-6tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Squid Web Proxy Cache 2.3 .STABLE4
-
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 7 Workstation:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
Squid Web Proxy Cache 2.4 .STABLE6
-
RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STA BLE7-0.73.3.legacy.i386.rpm -
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 8 Server:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/squid-2.5.STABLE10-3.i586.rpm -
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 8 Workstation:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/squid-2.5.STABLE10-3.i586.rpm
Squid Web Proxy Cache 2.4 .STABLE2
-
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 7 Server:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/squid-2.5.STABLE10-3.i586.rpm
Squid Web Proxy Cache 2.5 .STABLE6
-
Fedora squid-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Fedora squid-debuginfo-2.5.STABLE9-1.FC3.6.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ -
Turbolinux squid-2.5.STABLE10-3.i586.rpm
Turbolinux 10 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-2.5.STABLE10-3.i586.rpm -
Turbolinux squid-debug-2.5.STABLE10-3.i586.rpm
Turbolinux 10 Server:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/squid-debug-2.5.STABLE10-3.i586.rpm -
Ubuntu squid-cgi_2.5.5-6ubuntu0.9_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.9_amd64.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.9_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.9_i386.deb -
Ubuntu squid-cgi_2.5.5-6ubuntu0.9_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 5-6ubuntu0.9_powerpc.deb -
Ubuntu squid-common_2.5.5-6ubuntu0.9_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5 -6ubuntu0.9_all.deb -
Ubuntu squid_2.5.5-6ubuntu0.9_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.9_amd64.deb -
Ubuntu squid_2.5.5-6ubuntu0.9_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.9_i386.deb -
Ubuntu squid_2.5.5-6ubuntu0.9_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubunt u0.9_powerpc.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.9_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.9_amd64.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.9_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.9_i386.deb -
Ubuntu squidclient_2.5.5-6ubuntu0.9_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.5-6ubuntu0.9_powerpc.deb
Squid Web Proxy Cache 2.5 .STABLE1
-
RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABL E1-9.10.legacy.i386.rpm
Squid Web Proxy Cache 2.5 .STABLE3
-
RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABL E3-2.fc1.6.legacy.i386.rpm
Squid Web Proxy Cache 2.5 .STABLE5
-
RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABL E9-1.FC2.4.legacy.i386.rpm
Squid Web Proxy Cache 2.5 .STABLE9
-
Squid squid-2.5.STABLE9-dns_query-4.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_ query-4.patch
Squid Web Proxy Cache 2.5 .STABLE8
-
Ubuntu squid-cgi_2.5.8-3ubuntu1.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 8-3ubuntu1.2_amd64.deb -
Ubuntu squid-cgi_2.5.8-3ubuntu1.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 8-3ubuntu1.2_i386.deb -
Ubuntu squid-cgi_2.5.8-3ubuntu1.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5. 8-3ubuntu1.2_powerpc.deb -
Ubuntu squid-common_2.5.8-3ubuntu1.2_all.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.8 -3ubuntu1.2_all.deb -
Ubuntu squid_2.5.8-3ubuntu1.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubunt u1.2_amd64.deb -
Ubuntu squid_2.5.8-3ubuntu1.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubunt u1.2_i386.deb -
Ubuntu squid_2.5.8-3ubuntu1.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.8-3ubunt u1.2_powerpc.deb -
Ubuntu squidclient_2.5.8-3ubuntu1.2_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.8-3ubuntu1.2_amd64.deb -
Ubuntu squidclient_2.5.8-3ubuntu1.2_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.8-3ubuntu1.2_i386.deb -
Ubuntu squidclient_2.5.8-3ubuntu1.2_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2. 5.8-3ubuntu1.2_powerpc.deb
References
Squid Proxy Unspecified DNS Spoofing Vulnerability
References:
References: