Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 152915 - CAN-2005-0446 squid DoS
Summary: CAN-2005-0446 squid DoS
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Whiteboard: LEGACY
Depends On:
TreeView+ depends on / blocked
Reported: 2005-03-10 20:37 UTC by Marc Deslauriers
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-02-21 19:08:19 UTC

Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:31:54 UTC
A bug was found in the way Squid handles FQDN lookups. It was possible
to crash the Squid server by sending a carefully crafted DNS response to
an FQDN lookup. The Common Vulnerabilities and Exposures project
( has assigned the name CAN-2005-0446 to this issue.

Must base packages on the ones from bug 2150

------- Additional Comments From 2005-03-11 03:58:58 ----

05.10.28 CVE: CAN-2005-0626
Platform: Cross Platform
Title: Squid Proxy Set-Cookie Information Disclosure
Description: Squid is web proxy software. It is affected by a remote
information disclosure problem. The issue presents itself when the
requested server employs the Netscape "Set-Cookie" specifications.
Squid Proxy versions 2.5 STABLE7 through version 2.5 STABLE9 are

------- Additional Comments From 2005-03-18 09:26:01 ----

Because there haven't been any VERIFY votes for the previous squid version, I
guess it would make sense to fold this into the same mess.

I suggest we track this under #2150..

------- Additional Comments From 2005-03-19 11:44:43 ----

Well, if we track it in 2150, we should close this one.

*** This bug has been marked as a duplicate of 2150 ***

------- Bug moved to this database by 2005-03-30 18:31 -------

This bug previously known as bug 2446 at
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Red Hat Bugzilla 2006-02-21 19:08:19 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.