leafnode Cross-Posted Article Group Name Prefix DoS
Medium Nessus Plugin ID 42259
SynopsisThe remote NNTP server is vulnerable to a denial of service attack.
DescriptionAccording to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may go into an infinite loop with 100% CPU use when an article that has been crossposted to several groups, one of which is the prefix of another, and when this article is then requested by its Message-ID.
Note that Nessus did not actually test for the flaw but instead has relied on the version in Leafnode's banner so this may be a false positive.
SolutionUpgrade to 1.9.48 or later.