FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout

Affected packages
1.9.48 <= leafnode < 1.11.2

Details

VuXML ID 66dbb2ee-99b8-45b2-bb3e-640caea67a60
Discovery 2005-05-04
Entry 2005-05-13

When an upstream server aborts the transmission or stops sending data after the fetchnews program has requested an article header or body, fetchnews may crash, without querying further servers that are configured. This can prevent articles from being fetched.

References

Bugtraq ID 13489
Bugtraq ID 13492
CVE Name CVE-2005-1453
FreeBSD PR ports/80663
Message 20050504152311.GA25593@merlin.emma.line.org
Message 20050504152311.GA25593@merlin.emma.line.org
Message 20050504152311.GA25593@merlin.emma.line.org
Message 20050504152311.GA25593@merlin.emma.line.org
Message 20050504152311.GA25593@merlin.emma.line.org
URL http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt
URL http://secunia.com/advisories/15252
URL http://www.frsirt.com/english/advisories/2005/0468