Back to search
CVE-2007-4321
Published: Aug 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-1456
vendor-advisory
x_refsource_DEBIAN
23237
third-party-advisory
x_refsource_SECUNIA
42484
vdb-entry
x_refsource_OSVDB
25117
vdb-entry
x_refsource_BID
28374
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=181214
x_refsource_MISC
GLSA-200707-13
vendor-advisory
x_refsource_GENTOO
http://www.ossec.net/en/attacking-loganalysis.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now