Leafnode fetchnews Client Article Body Remote Denial of Service Vulnerability
BID:13492
Info
| Bugtraq ID: | 13492 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-1453 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | The vendor announced this issue. |
| Vulnerable: | Mandriva Linux Mandrake 10.2 x86_64; Mandriva Linux Mandrake 10.2; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1; Leafnode Leafnode 1.11.1; Leafnode Leafnode 1.9.50; Leafnode Leafnode 1.9.49; Leafnode Leafnode 1.9.48 |
| Not Vulnerable: | Leafnode Leafnode 1.11.2 |
Discussion
Fetchnews is prone to a remote denial of service vulnerability that may allow a remote attacker to cause the software to hang.
The vulnerability manifests when an upstream news server terminates the connection abruptly after fetchnews has requested an article body and before the data transfer is complete.
This vulnerability affects Leafnode 1.9.48 to 1.11.1. The vendor has advised that versions 1.11.2 and newer are not vulnerable to this issue.
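A defensive read loop for the condition described above, as an added example (not leafnode's code and not the vendor's fix): it reads an NNTP article body up to the terminating ".\r\n" line, bounds every wait with a timeout, and treats a connection closed before the terminator as a failure. The names `read_body`, `feed_and_read` and the status enum are assumptions made for this example.

```c
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum body_status { BODY_OK = 0, BODY_EOF = -1, BODY_TIMEOUT = -2, BODY_ERROR = -3 };

/* Read an NNTP article body from fd up to the terminating ".\r\n" line.
 * Each wait is bounded by timeout_ms (per wait, not per transfer), and EOF
 * before the terminator is returned as a failure, never retried. Bytes after
 * the terminator in the same read are dropped (one outstanding request). */
enum body_status read_body(int fd, int timeout_ms)
{
    static const char term[] = "\r\n.\r\n";
    size_t matched = 2;   /* the status line before the body ended in CRLF */
    char buf[512];

    for (;;) {
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int ready = poll(&pfd, 1, timeout_ms);
        if (ready == 0) return BODY_TIMEOUT;          /* peer went silent */
        if (ready < 0) { if (errno == EINTR) continue; return BODY_ERROR; }
        ssize_t n = read(fd, buf, sizeof buf);
        if (n == 0) return BODY_EOF;                  /* closed mid-body */
        if (n < 0) { if (errno == EINTR) continue; return BODY_ERROR; }
        for (ssize_t i = 0; i < n; i++) {
            if (buf[i] == term[matched]) matched++;
            else matched = (buf[i] == '\r') ? 1 : 0;
            if (matched == sizeof term - 1) return BODY_OK;
        }
    }
}

/* Constructed harness: plays the upstream server over a socketpair, sends
 * `data`, optionally closes its end, and returns what the reader reports. */
enum body_status feed_and_read(const char *data, int close_peer, int timeout_ms)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return BODY_ERROR;
    ssize_t w = write(sv[1], data, strlen(data));
    if (close_peer) { close(sv[1]); sv[1] = -1; }
    enum body_status st = (w < 0) ? BODY_ERROR : read_body(sv[0], timeout_ms);
    close(sv[0]);
    if (sv[1] >= 0) close(sv[1]);
    return st;
}
```

A caller that gets `BODY_EOF` or `BODY_TIMEOUT` should discard the partial article and drop the connection rather than wait for more data.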
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released leafnode version 1.11.2 to address this issue. Users are advised to upgrade to the fixed version.
Mandriva has released security announcement MDKSA-2005:114 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Leafnode Leafnode 1.11.1
- Leafnode leafnode-1.11.2.rel.tar.bz2
  http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

Leafnode Leafnode 1.9.48
- Leafnode leafnode-1.11.2.rel.tar.bz2
  http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

Leafnode Leafnode 1.9.49
- Leafnode leafnode-1.11.2.rel.tar.bz2
  http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112

Leafnode Leafnode 1.9.50
- Leafnode leafnode-1.11.2.rel.tar.bz2
  http://sourceforge.net/project/showfiles.php?group_id=57767&package_id=53446&release_id=325112
- Mandriva leafnode-1.10.4-1.1.101mdk.i586.rpm
  Mandriva Linux 10.1
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva leafnode-1.10.4-1.1.101mdk.x86_64.rpm
  Mandriva Linux 10.1/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva leafnode-1.10.4-1.1.102mdk.i586.rpm
  Mandriva Linux 10.2
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva leafnode-1.10.4-1.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva leafnode-1.9.46-1.1.C30mdk.i586.rpm
  Mandriva Corporate Server 3.0
  http://www1.mandrivalinux.com/en/ftp.php3
- Mandriva leafnode-1.9.46-1.1.C30mdk.x86_64.rpm
  Mandriva Corporate Server 3.0/x86_64
  http://www1.mandrivalinux.com/en/ftp.php3
References
References:
- Leafnode Home Page (Leafnode)
- potential denial of service in leafnode (Leafnode)