FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

leafnode fetchnews denial-of-service triggered by truncated transmission

Affected packages
leafnode <= 1.9.47

Details

VuXML ID a051a4ec-3aa1-4dd1-9bdc-a61eb5700153
Discovery 2004-01-08
Entry 2004-05-21
Modified 2005-05-13

When a downloaded news article ends prematurely, i. e. when the server sends [CR]LF.[CR]LF before sending a blank line, fetchnews may wait indefinitely for data that never arrives. Workaround: configure "minlines=1" (or use a bigger value) in the configuration file. Found by Toni Viemerö.

References

CVE Name CVE-2004-2068
FreeBSD PR ports/61105
Message 20040109015625.GA12319@merlin.emma.line.org
Message 20040109015625.GA12319@merlin.emma.line.org
URL http://leafnode.sourceforge.net/leafnode-SA-2004-01.txt
URL http://sourceforge.net/tracker/index.php?func=detail&aid=873149&group_id=57767&atid=485349