FreeBSD : leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout (66dbb2ee-99b8-45b2-bb3e-640caea67a60)

medium Nessus Plugin ID 18966

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

When an upstream server aborts the transmission or stops sending data after the fetchnews program has requested an article header or body, fetchnews may crash, without querying further servers that are configured. This can prevent articles from being fetched.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?8c0608f3

http://www.nessus.org/u?3414844a

http://www.nessus.org/u?cd59525f

http://www.frsirt.com

http://www.nessus.org/u?3139c36e

http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=80663

http://www.nessus.org/u?cc49f37b

http://article.gmane.org/gmane.network.leafnode.announce/52

Plugin Details

Severity: Medium

ID: 18966

File Name: freebsd_pkg_66dbb2ee99b845b2bb3e640caea67a60.nasl

Version: 1.23

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:leafnode, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 5/13/2005

Vulnerability Publication Date: 5/4/2005

Reference Information

CVE: CVE-2005-1453

BID: 13489, 13492

Secunia: 15252