Home page logo

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-SCO.26] OpenServer 5.0.6a : squid compressed DNS answer message boundary failure
From: security () caldera com
Date: Thu, 13 Jun 2002 16:59:03 -0700

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca


                Caldera International, Inc.  Security Advisory

Subject:                OpenServer 5.0.6a : squid compressed DNS answer message boundary failure
Advisory number:        CSSA-2002-SCO.26
Issue date:             2002 June 13
Cross reference:

1. Problem Description

        From Squid advisory SQUID-2002:2 : Error and boundary
        conditions were not checked when handling compressed DNS
        answer messages in the internal DNS code (lib/rfc1035.c).
        A malicious DNS server could craft a DNS reply that would
        cause Squid to exit with a SIGSEGV.

2. Vulnerable Supported Versions

        System                          Binaries
        OpenServer 5.0.6a               /opt/K/SCO/Squid/2.4.6/*

3. Solution

        The proper solution is to install the latest packages.

4. OpenServer 5.0.6a

        4.1 Location of Fixed Binaries


        4.2 Verification

        MD5 (VOL.000.000) = 87accd0ac60bf509b86e66bb74062168
        MD5 (VOL.000.001) = 4f709bb2f81fbb72e46f9f3608bca6e6
        MD5 (VOL.000.002) = eb7964ff9190da6749341170ce779b12
        MD5 (VOL.000.003) = 8be5cc4f62eb83d65541c491cbaaad3c

        md5 is available for download from

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        1) Download the VOL* files to the /tmp directory

        Run the custom command, specify an install from media images,
        and specify the /tmp directory as the location of the images.

5. References

        Specific references for this advisory:

        Caldera security resources:

        This security fix closes Caldera incidents sr862189, fz520428,

6. Disclaimer

        Caldera International, Inc. is not responsible for the
        misuse of any of the information we provide on this website
        and/or through our security advisories. Our advisories are
        a service to our customers intended to promote secure
        installation and use of Caldera products.

7. Acknowledgements

        This vulnerability was discovered and researched by zen-parse
        <zen-parse () gmx net>.


Attachment: _bin

  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-SCO.26] OpenServer 5.0.6a : squid compressed DNS answer message boundary failure security (Jun 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]