Bug 252291 - (CVE-2007-4323) CVE-2007-4323 denyhosts denies hosts
CVE-2007-4323 denyhosts denies hosts
Status: CLOSED DUPLICATE of bug 244943
Product: Fedora
Classification: Fedora
Component: denyhosts (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
http://www.ossec.net/en/attacking-log...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-15 01:10 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-15 06:29:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-08-15 01:10:00 EDT
Name: CVE-2007-4323
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20070813
Category:
Reference: MISC:http://www.ossec.net/en/attacking-loganalysis.html

DenyHosts 2.6 does not properly parse sshd log files, which allows
remote attackers to add arbitrary hosts to the /etc/hosts.deny file
and cause a denial of service by adding arbitrary IP addresses to the
sshd log file, as demonstrated by logging in via ssh with a client
protocol version identification containing an IP address string, a
different vector than CVE-2006-6301.
Comment 1 Jason Tibbitts 2007-08-15 01:26:00 EDT
I believe this was fixed nearly two months ago; see bug 244943.  At least the
referenced URL is the same.  I have no idea why a CVE is just now being assigned.

I'll leave this open since perhaps you know something I don't; if you can
provide evidence that this is a new issue then please do so.
Comment 2 Lubomir Kundrak 2007-08-15 06:29:14 EDT
Jason: Closing this -- pardon me for the noise, I should have looked into
updates before.

*** This bug has been marked as a duplicate of 244943 ***

Note You need to log in before you can comment on or make changes to this bug.