Executive Summary

Summary
Title DenyHosts: Denial of Service
Informations
Name GLSA-200710-14 First vendor Publication 2007-10-13
Vendor Gentoo Last vendor Modification 2007-10-13
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service.

Background

DenyHosts is designed to monitor SSH servers for repeated failed login attempts.

Description

Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA
200701-01.

Impact

A remote unauthenticated attacker can add arbitrary hosts into the blacklist, including the "all" keyword, by submitting specially crafted version identification strings to the SSH server banner. An attacker may use this to prevent legitimate users from accessing a host remotely.

Workaround

There is no known workaround at this time.

Resolution

All DenyHosts users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r1"

References

[ 1 ] CVE-2007-4323 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-14.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200710-14.xml

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-14 (denyhosts)
File : nvt/glsa_200710_14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42482 DenyHosts Crafted Client Version sshd Log File Parsing Arbitrary Host Additio...

Nessus® Vulnerability Scanner

Date Description
2007-10-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-14.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:11
  • Multiple Updates