denyhosts: denial of service
Package(s): denyhosts
CVE #(s): CVE-2006-6301
Created: January 3, 2007
Updated: January 3, 2007
Description: A botched regular expression allows a remote attacker to add arbitrary hosts to the denyhosts blacklist, causing those hosts to be unable to make ssh connections to the target system.

Posted Jan 4, 2007 5:29 UTC (Thu) by yarikoptic (guest, #36795)

Debian rules -- its users foresaw a similar problem in the analogous fail2ban long ago, so Debian-shipped fail2ban has been running without such a vulnerability for more than a year (recent upstream releases of fail2ban adopted the Debian-introduced solution). denyhosts is a younger party in Debian, thus Gentoo people got to the problem first.

Posted Jan 4, 2007 17:24 UTC (Thu) by epithumia (subscriber, #23370)

This was fixed upstream and in Fedora Extras back on December 8. Unfortunately the folks who discovered the bug neglected to inform the upstream author [1], but I brought it to the denyhosts mailing list and got a new upstream release in a few minutes.

1) http://sourceforge.net/mailarchive/message.php?msg_id=376...