Re: [SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability
* Martin Schulze:
> The upstream developers have discovered a bug in the DNS lookup code
> of Squid, the popular WWW proxy cache. When the DNS client UDP port
> (assigned by the operating system at startup) is unfiltered and the
> network is not protected from IP spoofing, malicious users can spoof
> DNS lookups which could result in users being redirected to arbitrary
> web sites.
What is the exact cause of the problem? Non-random message IDs?