Buffer overflow in Opensuse and Squid

#VU42671 Buffer overflow in Opensuse and Squid

Published: 2013-08-10 | Updated: 2020-08-11

Vulnerability identifier: #VU42671

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4115

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Opensuse
Operating systems & Components / Operating system
Squid
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: SUSE
Squid-cache.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Opensuse: 11.4 - 12.3

Squid: 3.2.0.1 - 3.3.6

External links
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html
http://secunia.com/advisories/54076
http://secunia.com/advisories/54834
http://secunia.com/advisories/54839
http://www.openwall.com/lists/oss-security/2013/07/11/8
http://www.securityfocus.com/bid/61111
http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch
http://exchange.xforce.ibmcloud.com/vulnerabilities/85564

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for squid