Back to search
CVE-2007-4323
Published: Aug 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42482
vdb-entry
x_refsource_OSVDB
denyhosts-sshd-logfiles-dos(37199)
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943
x_refsource_CONFIRM
http://www.ossec.net/en/attacking-loganalysis.html
x_refsource_MISC
26061
vdb-entry
x_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=181213
x_refsource_CONFIRM
27254
third-party-advisory
x_refsource_SECUNIA
GLSA-200710-14
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now