leafnode Cross-Posted Article Group Name Prefix DoS

medium Nessus Plugin ID 42259

Synopsis

The remote NNTP server is vulnerable to a denial of service attack.

Description

According to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may go into an infinite loop with 100% CPU use when an article has been crossposted to several groups, one of which is the prefix of another, and that article is then requested by its Message-ID.

Note that Nessus did not actually test for the flaw but instead relied on the version in Leafnode's banner, so this may be a false positive.

Solution

Upgrade to 1.9.48 or later.

See Also

http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt

Plugin Details

Severity: Medium

ID: 42259

File Name: leafnode_1_9_29.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 10/27/2009

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: nntp/leafnode

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/30/2002

Reference Information

CVE: CVE-2002-1661

BID: 6490