leafnode fetchnews DoS

medium Nessus Plugin ID 42260

Synopsis

The remote server is vulnerable to a denial of service attack.

Description

According to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may hang without consuming CPU when attempting to read a news article with missing mandatory headers. This means that news will not be updated until the fetchnews process is killed.

Note that Nessus did not actually test for the flaw; it relied only on the version in Leafnode's banner, so this may be a false positive.

Solution

Upgrade to Leafnode 1.9.48 or later.

See Also

http://leafnode.sourceforge.net/leafnode-SA-2004-01.txt

Plugin Details

Severity: Medium

ID: 42260

File Name: leafnode_1_9_47.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 10/27/2009

Updated: 8/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: nntp/leafnode

Vulnerability Publication Date: 1/9/2004

Reference Information

CVE: CVE-2004-2068