leafnode fetchnews DoS
Medium Nessus Plugin ID 42260
SynopsisThe remote server is vulnerable to a denial of service attack.
DescriptionAccording to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may hang without consuming CPU when attempting to read a news article with missing mandatory headers. This means that news will not be updated until the fetchnews process is killed.
Note that Nessus did not actually test for the flaw but instead has relied on the version in Leafnode's banner so this may be a false positive.
SolutionUpgrade to 1.9.48 or later.