Squid sıkıştırılmış DNS hafıza taşması açığı

CheⓢsteR · 14 Eyl 2007

Squid sıkıştırılmış DNS hafıza taşması açığı
----------=[ Etkilenen Sistemler ]=----------
National Science Foundation Squid Web Proxy 2.0
National Science Foundation Squid Web Proxy 2.1
National Science Foundation Squid Web Proxy 2.2STABLE5
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.3 alpha
- S.u.S.E. Linux 6.4alpha
- S.u.S.E. Linux 6.4ppc
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0alpha
- S.u.S.E. Linux 7.0ppc
- S.u.S.E. Linux 7.0sparc
- S.u.S.E. Linux 7.1alpha
- S.u.S.E. Linux 7.1ppc
- S.u.S.E. Linux 7.1sparc
- S.u.S.E. Linux 7.1x86
National Science Foundation Squid Web Proxy 2.2
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
National Science Foundation Squid Web Proxy 2.3STABLE5
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Single Network Firewall 7.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5
National Science Foundation Squid Web Proxy 2.3STABLE4
- Caldera OpenLinux Server 3.1
- Immunix Immunix OS 6.2
- Immunix Immunix OS 7.0
- Immunix Immunix OS 7.0beta
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.4alpha
- S.u.S.E. Linux 6.4ppc
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0alpha
- S.u.S.E. Linux 7.0ppc
- S.u.S.E. Linux 7.0sparc
- S.u.S.E. Linux 7.1alpha
- S.u.S.E. Linux 7.1ppc
- S.u.S.E. Linux 7.1sparc
- S.u.S.E. Linux 7.1x86
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.3
- Trustix Secure Linux 1.01
- Trustix Secure Linux 1.1
- Trustix Secure Linux 1.2
National Science Foundation Squid Web Proxy 2.3STABLE3
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Single Network Firewall 7.2
- RedHat Linux 7.0
- Trustix Secure Linux 1.01
- Trustix Secure Linux 1.1
- Trustix Secure Linux 1.2
National Science Foundation Squid Web Proxy 2.3STABLE2
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Single Network Firewall 7.2
- Trustix Secure Linux 1.01
- Trustix Secure Linux 1.1
- Trustix Secure Linux 1.2
National Science Foundation Squid Web Proxy 2.3
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ S.u.S.E. Linux 6.4alpha
+ S.u.S.E. Linux 6.4i386
+ S.u.S.E. Linux 6.4ppc
+ S.u.S.E. Linux 7.0alpha
+ S.u.S.E. Linux 7.0i386
+ S.u.S.E. Linux 7.0ppc
+ S.u.S.E. Linux 7.0sparc
+ S.u.S.E. Linux 7.1alpha
+ S.u.S.E. Linux 7.1ppc
+ S.u.S.E. Linux 7.1sparc
+ S.u.S.E. Linux 7.1x86
+ S.u.S.E. Linux 7.2i386
+ S.u.S.E. Linux 7.3i386
+ S.u.S.E. Linux 7.3ppc
+ S.u.S.E. Linux 7.3sparc
+ SCO Open Server 5.0
+ SCO Open Server 5.0.1
+ SCO Open Server 5.0.2
+ SCO Open Server 5.0.3
+ SCO Open Server 5.0.4
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.6a
National Science Foundation Squid Web Proxy 2.3.1
- Conectiva Linux 0.0ecommerce
- Conectiva Linux 0.0graficas
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Conectiva Linux 6.0
National Science Foundation Squid Web Proxy 2.4STABLE6
National Science Foundation Squid Web Proxy 2.4STABLE4
National Science Foundation Squid Web Proxy 2.4STABLE3
- Conectiva Linux 7.0
National Science Foundation Squid Web Proxy 2.4STABLE2
- Conectiva Linux 7.0
National Science Foundation Squid Web Proxy 2.4STABLE1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 7.2
- S.u.S.E. Linux 7.2
National Science Foundation Squid Web Proxy 2.4
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.5
+ FreeBSD FreeBSD 5.0
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5

----------=[ Açıklama ]=----------
Squid kötü amaçlı olarak hazırlanmış sıkıştırılmış DNS cevaplarını işlerken SIGSEGV hatası verip kapanabiliyor. Normal çalışabilmesi için tekrar başlatılması gerekiyor.

----------=[ Korunma ]=----------
Aşağıdaki geçici çözüm Squid geliştirme takımı tarafından öneriliyor:
Squid-2.4, Squid-2.5 ve Squid-2.6/Squid-HEAD 'configure'ün --disable-internal-dns seçeneği ile çalıştırılarak harici bir DNS sunucu kullanacak şekilde tekrar derlenebilir. dahili/harici DNS seçimi için bir run-time konfigürasyon seçeneği yok.

Güncellenmiş sürümler hazır:

National Science Foundation Squid Web Proxy 2.0:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.1:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.2STABLE5:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.2:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3STABLE5:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3STABLE4:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3STABLE3:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3STABLE2:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.3.1:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.4STABLE6:
National Science Foundation Squid Web Proxy 2.4STABLE4:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.4STABLE3:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.4STABLE2:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.4STABLE1:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

National Science Foundation Squid Web Proxy 2.4:

National Science Foundation Upgrade squid-2.4.STABLE6-src.tar.gz
http://www.squid-cache.org/Versions/...LE6-src.tar.gz

FreeBSD Upgrade squid-2.4_8.tgz
ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_8.tgz

Katliam-Timi · 15 Ocak 2009

saol kardeş.

Squid sıkıştırılmış DNS hafıza taşması açığı

CheⓢsteR

Katılımcı Üye

Katliam-Timi

Üye

Sosyal medya sayfalarımız