FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- DNS lookup spoofing vulnerability

Affected packages
squid < 2.5.10

Details

VuXML ID 7e97b288-c7ca-11d9-9e1e-c296ac722cb3
Discovery 2005-05-11
Entry 2005-05-19

The squid patches page notes:

Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS as startup) is unfiltered and your network is not protected from IP spoofing.

[source]

References

CVE Name CVE-2005-1519
URL http://secunia.com/advisories/15294
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_reply

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.