----------------------------------------------------------------------

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Squid DNS Lookup Spoofing Vulnerability

SECUNIA ADVISORY ID:
SA15294

VERIFY ADVISORY:
http://secunia.com/advisories/15294/

CRITICAL:
Less critical

IMPACT:
Spoofing

WHERE:
>From local network

SOFTWARE:
Squid 2.x
http://secunia.com/product/310/

DESCRIPTION:
A vulnerability has been reported in Squid, which can be exploited by
malicious people to spoof DNS lookups.

The vulnerability is caused due to an unspecified error in the DNS
client when handling DNS responses and can be exploited to spoof DNS
lookups.

The vulnerability has been reported in version 2.5 and prior.

SOLUTION:
Apply patch for version 2.5.STABLE9:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-2.patch

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------