FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

leafnode denial-of-service triggered by article request

Affected packages
1.9.20 <= leafnode < 1.9.30

Details

VuXML ID f7a3b18c-624c-4703-9756-b6b27429e5b0
Discovery 2002-11-06
Entry 2004-05-21
Modified 2005-05-13

The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar.

References

Bugtraq ID 6490
CVE Name CVE-2002-1661
FreeBSD PR ports/46613
Message 20021229205023.GA5216@merlin.emma.line.org
Message 20021229205023.GA5216@merlin.emma.line.org
URL http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt