leafnode fetchnews DoS

According to its version number, the remote Leafnode NNTP server is vulnerable to a denial of service attack. Specifically, it may hang without consuming CPU when attempting to read a news article with missing mandatory headers. This means that news will not be updated until the fetchnews process...

FreeBSD : leafnode fetchnews denial-of-service triggered by truncated transmission (a051a4ec-3aa1-4dd1-9bdc-a61eb5700153)

When a downloaded news article ends prematurely, i. e. when the server sends CRLF.CRLF before sending a blank line, fetchnews may wait indefinitely for data that never arrives. Workaround: configure 'minlines=1' or use a bigger value in the configuration file. Found by Toni Viemero. %NASLMINLEVEL...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. VID 66dbb2ee-99b8-45b2-bb3e-640caea67a60 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. VID 7b0208ff-3f65-4e16-8d4d-48fd9851f085 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. VID f7a3b18c-624c-4703-9756-b6b27429e5b0 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. VID a051a4ec-3aa1-4dd1-9bdc-a61eb5700153 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. VID b5ffaa2a-ee50-4498-af99-61bc1b163c00 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: leafnode

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Leafnode denials of service

According to its version number that OpenVAS read in the banner, your Leafnode NNTP server is vulnerable to a denial of service. Note that OpenVAS did not check the actual flaw and relied upon the banner, so this may be a false positive. OpenVAS Vulnerability Test $Id: leafnodeversion.nasl 8023...

Leafnode denials of service

According to its version number in the banner the Leafnode NNTP server is vulnerable to a denial of service. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

FreeBSD : leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout (66dbb2ee-99b8-45b2-bb3e-640caea67a60)

When an upstream server aborts the transmission or stops sending data after the fetchnews program has requested an article header or body, fetchnews may crash, without querying further servers that are configured. This can prevent articles from being fetched. %NASLMINLEVEL 70300 C Tenable Network...

FreeBSD : leafnode -- denial of service vulnerability (b5ffaa2a-ee50-4498-af99-61bc1b163c00)

Matthias Andree reports : A vulnerability was found in the fetchnews program the NNTP client that may under some circumstances cause a wait for input that never arrives, fetchnews 'hangs'. ... As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs wil...

FreeBSD : leafnode denial-of-service triggered by article request (f7a3b18c-624c-4703-9756-b6b27429e5b0)

The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...

Mandrake Linux Security Advisory : leafnode (MDKSA-2005:114)

A number of vulnerabilities in the leafnode NNTP server package have been found : A vulnerability in the fetchnews program that could under some circumstances cause a wait for input that never arrives, which in turn would cause fetchnews to hang CVE-2004-2068. Two vulnerabilities in the fetchnews...

Leafnode NNTP proxy DoS

DoS ifserver closes connection before all data received...

leafnode security announcement leafnode-SA-2005-02 (CAN-2005-1911)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 leafnode-SA-2005:02.fetchnews-hangs-on-header Topic: potential denial of service in leafnode Announcement: leafnode-SA-2005:02 Author: Matthias Andree Version: 1.00 Announced: 2005-06-08 Category: main Type: potential denial of service Impact: fetchne...