A botched regular expression allows a remote attacker to add arbitrary hosts to the denyhosts blacklist, causing those hosts to be unable to make ssh connections to the target system.
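The summary above describes the failure mode but not how a regular expression ends up blacklisting a host the attacker chose. The following is an added illustration written for this page, not denyhosts' own code; the two patterns are assumed shapes of a log-parsing regex, the sshd lines are constructed, and the injection vector (an attacker-supplied login name that itself contains a "from <host>" clause, so the log line carries two such clauses) is an assumption about the mechanism rather than something the page states. The botched pattern stops at the first "from" and so records the attacker's host; the hardened one anchors on the clause sshd itself appends at the end of the line and additionally insists that the capture is a literal IP address.

```python
import ipaddress
import re

# Constructed sshd log lines for this example (not taken from a real system).
# The third line carries an attacker-chosen login name, "root from 198.51.100.1",
# so it contains two "from <host>" clauses; the real client is 203.0.113.7.
SAMPLE_LOG = [
    "Jan  4 05:29:01 srv sshd[1234]: Invalid user alice from 203.0.113.7",
    "Jan  4 05:29:05 srv sshd[1235]: Failed password for invalid user bob "
    "from 203.0.113.7 port 4444 ssh2",
    "Jan  4 05:29:09 srv sshd[1236]: Invalid user root from 198.51.100.1 "
    "from 203.0.113.7",
]

# Botched pattern (assumed shape, not the real denyhosts regex): the lazy ".*?"
# stops at the FIRST " from ", so whatever the attacker embedded in the
# login name is what gets captured and blacklisted.
BOTCHED_RE = re.compile(r"[Ii]nvalid user .*? from (?P<host>\S+)")

# Hardened pattern: the greedy ".*" plus the end-of-line anchor make the
# capture the LAST "from" clause, which is the one sshd appends with the
# genuine peer address, and the optional "port N ssh2" suffix is consumed
# explicitly so the host group cannot be stretched over it.
HARDENED_RE = re.compile(
    r"[Ii]nvalid user .* from (?P<host>\S+)(?: port \d+ ssh2)?$"
)


def extract_hosts(lines, pattern):
    """Return the hosts a denyhosts-style parser would blacklist from `lines`.

    Captures that are not syntactically valid IP addresses are dropped, which
    is a cheap second line of defence against a regex that grabbed the wrong
    token (an attacker-chosen hostname or garbage never reaches the deny list).
    """
    hosts = []
    for line in lines:
        match = pattern.search(line)
        if match is None:
            continue
        host = match.group("host")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # not an address literal: refuse to blacklist it
        hosts.append(host)
    return hosts


def compare():
    """Run both patterns over the sample log and report what each would deny."""
    botched = extract_hosts(SAMPLE_LOG, BOTCHED_RE)
    hardened = extract_hosts(SAMPLE_LOG, HARDENED_RE)
    return {
        "botched": botched,
        "hardened": hardened,
        # The attacker-chosen host should only ever show up in the botched list.
        "injected_host_denied_by_botched": "198.51.100.1" in botched,
        "injected_host_denied_by_hardened": "198.51.100.1" in hardened,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Run stand-alone, the script shows the botched pattern denying 198.51.100.1 (an address the attacker simply typed as part of a user name) while the hardened pattern denies only 203.0.113.7, the address every line actually came from. The end-of-line anchor is the important part: sshd appends the real peer address after whatever name the client sent, so anchoring on the last "from" clause is what keeps an attacker from choosing the blacklisted host.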
Posted Jan 4, 2007 5:29 UTC (Thu) by yarikoptic (subscriber, #36795)
Debian rules -- its users foresaw a similar problem in the analogous fail2ban long ago, so Debian-shipped fail2ban has been running without such a vulnerability for more than a year (recent upstream releases of fail2ban adopted the Debian-introduced solution). denyhosts is a younger party in Debian, thus Gentoo people got to the problem first.
denyhosts: denial of service
Posted Jan 4, 2007 17:24 UTC (Thu) by epithumia (subscriber, #23370)
This was fixed upstream and in Fedora Extras back on December 8. Unfortunately the folks who discovered the bug neglected to inform the upstream author [1], but I brought it to the denyhosts mailing list and got a new upstream release in a few minutes.