FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- DNS lookup spoofing vulnerability

Affected packages
squid < 2.5.10

Details

VuXML ID 7e97b288-c7ca-11d9-9e1e-c296ac722cb3
Discovery 2005-05-11
Entry 2005-05-19

The squid patches page notes:

Malicious users may spoof DNS lookups if the DNS client UDP port (random, assigned by OS as startup) is unfiltered and your network is not protected from IP spoofing.

References

CVE Name CVE-2005-1519
URL http://secunia.com/advisories/15294
URL http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_reply