Back to search
CVE-2007-2765
Published: May 18, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
24090
vdb-entry
x_refsource_BID
ADV-2007-1906
vdb-entry
x_refsource_VUPEN
36516
vdb-entry
x_refsource_OSVDB
blockhosts-daemonlog-dos(34426)
vdb-entry
x_refsource_XF
http://www.aczoom.com/tools/blockhosts/CHANGES
x_refsource_CONFIRM
25352
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now