Bug 252291 (CVE-2007-4323)

Summary: CVE-2007-4323 denyhosts denies hosts
Product: [Fedora] Fedora
Reporter: Lubomir Kundrak <lkundrak>
Component: denyhosts
Assignee: Jason Tibbitts <j>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 7
CC: dennis
Keywords: Security
Hardware: All
OS: Linux
URL: http://www.ossec.net/en/attacking-loganalysis.html
Doc Type: Bug Fix
Last Closed: 2007-08-15 10:29:14 UTC

Description Lubomir Kundrak 2007-08-15 05:10:00 UTC
Name: CVE-2007-4323
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20070813
Category:
Reference: MISC:http://www.ossec.net/en/attacking-loganalysis.html

DenyHosts 2.6 does not properly parse sshd log files, which allows
remote attackers to add arbitrary hosts to the /etc/hosts.deny file
and cause a denial of service by adding arbitrary IP addresses to the
sshd log file, as demonstrated by logging in via ssh with a client
protocol version identification containing an IP address string, a
different vector than CVE-2006-6301.
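
The parsing flaw described above, as an added example that is not part of the bug report and is not DenyHosts code: a hypothetical unanchored rule picks up an address from inside the client-supplied version string, while a rule anchored to the whole message takes only the peer address that sshd appends at the end of the line. The log lines are constructed, and the message wording assumes the classic OpenSSH syslog format.

```python
import ipaddress
import re

# Constructed sshd syslog lines; all addresses come from documentation ranges.
SAMPLE_LOG = [
    "Aug 15 05:10:01 host sshd[4242]: Failed password for root from 203.0.113.5 port 40122 ssh2",
    # The quoted field is the client's version string, i.e. entirely client-controlled.
    "Aug 15 05:10:07 host sshd[4250]: Bad protocol version identification "
    "'SSH-2.0-x from 192.0.2.99' from 203.0.113.5",
    "Aug 15 05:10:09 host sshd[4251]: Connection closed by 198.51.100.20",
]

# Hypothetical loose rule: the first "from <ip>" found anywhere in the line.
LOOSE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")

# Anchored rules: fixed syslog prefix, then one known message shape per rule.
# The greedy ".*" swallows client-controlled text, so the captured address is
# always the last field, which sshd itself writes after the client's data.
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: (.*)$")
STRICT = [
    re.compile(r"^Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"),
    re.compile(r"^Bad protocol version identification '.*' from (\S+)$"),
]

def loose_offender(line):
    """Address the unanchored rule would add to the deny list, or None."""
    m = LOOSE.search(line)
    return m.group(1) if m else None

def strict_offender(line):
    """Peer address from a fully matched sshd message, or None."""
    head = PREFIX.match(line)
    if not head:
        return None
    for rule in STRICT:
        m = rule.match(head.group(1))
        if m:
            try:  # reject anything that is not a well-formed IP address
                return str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                return None
    return None

def offenders(parser, lines=SAMPLE_LOG):
    """Sorted set of addresses a parser would block for the given lines."""
    return sorted({ip for ip in map(parser, lines) if ip})

if __name__ == "__main__":
    print("loose :", offenders(loose_offender))
    print("strict:", offenders(strict_offender))
```

With the loose rule, 192.0.2.99 lands on the deny list although it never connected; the anchored rules attribute both events to 203.0.113.5.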

Comment 1 Jason Tibbitts 2007-08-15 05:26:00 UTC
I believe this was fixed nearly two months ago; see bug 244943.  At least the
referenced URL is the same.  I have no idea why a CVE is just now being assigned.

I'll leave this open since perhaps you know something I don't; if you can
provide evidence that this is a new issue then please do so.

Comment 2 Lubomir Kundrak 2007-08-15 10:29:14 UTC
Jason: Closing this -- pardon me for the noise, I should have looked into
updates before.

*** This bug has been marked as a duplicate of 244943 ***