"Fossies" - the Fresh Open Source Software Archive

Member "leafnode-1.12.0/leafnode-SA-2002-01.txt" (30 Jan 2009, 3781 Bytes) of package /linux/misc/leafnode-1.12.0.tar.xz:



    1 leafnode-SA-2002:01.versions
    2 
    3 Topic:		vulnerabilities in leafnode
    4 
    5 Announcement:	leafnode-SA-2002:01
    6 Writer:		Matthias Andree
    7 Version:	1.01
    8 Announced:	2002-12-29
    9 Category:	main
   10 Type:		denial of service
   11 Impact:		CPU busy loop
   12 Credits:	Jan Knutar (jknutar, nic dot fi), for finding the bug
   13 		Mark Brown (broonie, debian dot org), for pointing out DoS
   14 		capability
   15 Danger:		medium (only trusted users should be able to connect to
   16 		leafnode, unless it was installed improperly).
   17 CVE Name:	CVE-2002-1661
   18 URL:		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1661
   19 
   20 Affects:	leafnode 1.9.20 up to 1.9.29
   21 
   22 Not affected:	leafnode 1.9.30 and 1.9.31
   23 
   24 Default install: unaffected.
   25 
   26 Introduced:	2002-03-14 23:41:40 UTC (CVS)
   27 		2002-03-25 20:58    leafnode 1.9.20 released
   28 
   29 Corrected:	2002-11-08 17:14:41 UTC (CVS) - committed corrected version
   30 		2002-12-04 00:40    leafnode 1.9.30 released
   31 
   32 0. Release history
   33 
   34 2002-12-29	1.00 initial announcement
   35 2005-05-07	1.01 add CVE name and URL
   36 
   37 1. Background
   38 
   39 leafnode is a store-and-forward proxy for Usenet news; it uses the
   40 network news transfer protocol (NNTP). It consists of several
   41 collaborating programs: the server part is usually started by inetd,
   42 xinetd or tcpserver, and the client part is usually started by cron or
   43 manually.
   44 
   45 This security announcement pertains to leafnode-1, the stable branch.
   46 
   47 The leafnode-2 development branch has not yet seen a stable release, so
   48 it is not subject to security announcements.
   49 
   50 2. Problem description
   51 
   52 A vulnerability was found in the leafnode program (the NNTP server): it
   53 may go into an infinite loop with 100% CPU use when an article has
   54 been crossposted to several groups, one of which is the prefix of
   55 another, and this article is then requested by its Message-ID.
   56 
   57 Note though that one newsgroup name MUST NOT be the prefix of another
   58 newsgroup's name; these problems show up, however, in badly-maintained or
   59 anarchistic hierarchies such as alt.* or free.*.
   60 
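The loop condition described above, as an added example that is not leafnode's source code: a constructed Xref-style scanner in C whose unfixed variant never moves past a rejected prefix match. The function find_artno, the advance switch, the MAX_STEPS guard and the sample header are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STEPS 1000 /* guard so the unfixed variant returns instead of spinning */

/* Scan an Xref-style body ("host group:artno group:artno ...") for `name`
 * and return its article number, 0 if the group is not listed, or -1 if
 * the scan stopped making progress. With advance == 0 the scan position is
 * never moved past a rejected match, which is the busy-loop pattern. */
static long find_artno(const char *xref, const char *name, int advance)
{
    const char *p = xref;
    const char *q;
    size_t len = strlen(name);
    int steps = 0;

    while ((q = strstr(p, name)) != NULL) {
        if (++steps > MAX_STEPS)
            return -1;                      /* same match found over and over */
        int at_start = (q == xref) || (q[-1] == ' ');
        q += len;                           /* first byte after the match */
        if (at_start && *q == ':')
            return (long)strtoul(q + 1, NULL, 10);
        if (advance)
            p = q;                          /* resume after the rejected match */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: "alt.test" is a prefix of "alt.test.misc". */
    const char *xref = "news.example.org alt.test.misc:7 alt.test:42";

    printf("no advance: %ld\n", find_artno(xref, "alt.test", 0));
    printf("advance:    %ld\n", find_artno(xref, "alt.test", 1));
    return 0;
}
```

Without the step guard the first call would not return, which matches the 100% CPU symptom; the second call skips the longer group name and reads the article number of the exact match.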
   61 3. Impact
   62 
   63 This vulnerability can make leafnode's nntpd server, named leafnode, go
   64 into an unterminated loop when a particular article is requested. The
   65 connection becomes unresponsive, and the server hogs the CPU. The client
   66 will have to terminate the connection and connect again, and may fall
   67 prey to the same problem; ultimately, there may be so many leafnode
   68 processes hogging the CPU that no serious work is possible any more and
   69 the super user has to kill all running leafnode processes.
   70 
   71 4. Workaround
   72 
   73 No sane workaround can be presented.
   74 
   75 5. Solution
   76 
   77 Upgrade your leafnode package to version 1.9.30 or 1.9.31, or apply the
   78 patch below and recompile and reinstall. Note that leafnode 1.9.X
   79 versions are stable, and it is usually best to go for the latest
   80 released 1.9.X version to have all the other bug fixes as well.
   81 
   82 Note that while leafnode 1.9.19 is unaffected, it has other critical
   83 bugs: it can corrupt parts of its news spool under certain circumstances
   84 and should not be used. The details are, however, not the subject of this
   85 security announcement, as these problems are believed not to be security
   86 problems.
   87 
   88 leafnode 1.9.31 is available from sourceforge:
   89 
   90 http://sourceforge.net/project/showfiles.php?group_id=57767&release_id=130347
   91 
   92 6. Solution details
   93 
   94 revision 1.83
   95 date: 2002/11/08 17:14:41;  author: emma;  state: Exp;  lines: +1 -1
   96 
   97 A. References
   98 
   99 leafnode home page: http://www.leafnode.org/
  100 
  101 B. Patch
  102 
  103 diff -u -C4 -r1.81 -r1.83
  104 *** nntpd.c	24 Sep 2002 16:04:01 -0000	1.81
  105 --- nntpd.c	8 Nov 2002 17:14:41 -0000	1.83
  106 ***************
  107 *** 520,527 ****
  108 --- 520,528 ----
  109   			localartno = strtoul(q, NULL, 10);
  110   			markgroup = group->name;
  111   			break;
  112   		    }
  113 + 		    p = q;
  114   		}
  115   	    }
  116   	    /* if we don't have a localartno, then we need to mark this
  117   	     * article in a different news group */
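
Review bot: the added `p = q;` in the 520,528 hunk carries no comment, although it is the only statement on the path that does not `break`, and the advisory ties the busy loop to exactly that path (a group name that is the prefix of another). A one-line comment above it saying that the scan must resume at `q` after a rejected entry would keep the assignment from being dropped as redundant in a later cleanup. Separately, `strtoul(q, NULL, 10)` in the context lines discards the end pointer, so an entry with no digits is read as article number 0 without any error; passing an end pointer and checking it would be a reasonable follow-up.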