leafnode fetchnews DoS

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote server is vulnerable to a denial of service attack.

Description :

According to its version number, the remote Leafnode NNTP server is
vulnerable to a denial of service attack. Specifically, it may hang
without consuming CPU when attempting to read a news article with
missing mandatory headers. This means that news will not be updated
until the fetchnews process is killed.

Note that Nessus did not actually test for the flaw but instead has
relied on the version in Leafnode's banner so this may be a false

See also :


Solution :

Upgrade to 1.9.48 or later.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Misc.

Nessus Plugin ID: 42260 (leafnode_1_9_47.nasl)

Bugtraq ID:

CVE ID: CVE-2004-2068

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial