Executive Summary
Summary | |
---|---|
Title | DenyHosts: Denial of Service |
Information | |||
---|---|---|---|
Name | GLSA-201406-23 | First vendor Publication | 2014-06-25 |
Vendor | Gentoo | Last vendor Modification | 2014-06-25 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis: A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition. |
Availability: http://security.gentoo.org/glsa/glsa-201406-23.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201406-23.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21063 | |||
Oval ID: | oval:org.mitre.oval:def:21063 | ||
Title: | DSA-2826-1 deny hosts - Remote denial of ssh service | ||
Description: | Helmut Grohne discovered that deny hosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make deny hosts ban arbitrary IP addresses. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2826-1 CVE-2013-6890 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | denyhosts |
Definition Id: oval:org.mitre.oval:def:28977 | |||
Oval ID: | oval:org.mitre.oval:def:28977 | ||
Title: | DSA-2826-2 -- denyhosts -- remote denial of ssh service | ||
Description: | Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2826-2 CVE-2013-6890 | Version: | 3 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | denyhosts |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Os | 3 | |
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17067.nasl - Type : ACT_GATHER_INFO |
2015-01-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17081.nasl - Type : ACT_GATHER_INFO |
2014-06-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-23.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2826.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-06-27 13:26:20 |
|
2014-06-26 00:24:08 |
|