fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.
Link | Tags |
---|---|
http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt | patch |
http://www.vupen.com/english/advisories/2005/0468 | vdb entry |
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html | patch mailing list |
http://secunia.com/advisories/15252 | third party advisory vendor advisory |