Mandrake Linux Security Advisory : leafnode (MDKSA-2005:114)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A number of vulnerabilities in the leafnode NNTP server package have
been found :

A vulnerability in the fetchnews program that could under some
circumstances cause a wait for input that never arrives, which in turn
would cause fetchnews to hang (CVE-2004-2068).

Two vulnerabilities in the fetchnews program can cause fetchnews to
crash when the upstream server closes the connection and leafnode is
receiving an article header or an article body, which prevent leafnode
from querying other servers that are listed after that particular
server in the configuration file (CVE-2005-1453).

Finally, another vulnerability in the fetchnews program could also
cuase a wait for input that never arrives, causing fetchnews to hang
(CVE-2005-1911).

The updated packages have been patched to correct this problem.

Solution :

Update the affected leafnode package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 18676 (mandrake_MDKSA-2005-114.nasl)

Bugtraq ID:

CVE ID: CVE-2004-2068
CVE-2005-1453
CVE-2005-1911

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now