Red Hat Bugzilla – Bug 252291
CVE-2007-4323 denyhosts denies hosts
Last modified: 2007-11-30 17:12:13 EST
DenyHosts 2.6 does not properly parse sshd log files, which allows
remote attackers to add arbitrary hosts to the /etc/hosts.deny file
and cause a denial of service by adding arbitrary IP addresses to the
sshd log file, as demonstrated by logging in via ssh with a client
protocol version identification containing an IP address string, a
different vector than CVE-2006-6301.
I believe this was fixed nearly two months ago; see bug 244943. At least the
referenced URL is the same. I have no idea why a CVE is just now being assigned.
I'll leave this open since perhaps you know something I don't; if you can
provide evidence that this is a new issue then please do so.
Jason: Closing this -- pardon me for the noise, I should have looked into
*** This bug has been marked as a duplicate of 244943 ***
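
Added example, not part of the bug report and not DenyHosts' own code: a Python sketch of the log-parsing flaw in the CVE description above, with an unanchored search next to a parser that requires the complete sshd message to match. The regexes, function names, syslog layout and log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sshd-style log lines; addresses are RFC 5737 documentation ranges.
# The second line is the case from the CVE text: the quoted part is the
# client-supplied version string, only the trailing address is written by sshd.
SAMPLE_LOG = [
    "Aug 14 10:01:02 gw sshd[411]: Failed password for invalid user admin "
    "from 203.0.113.7 port 4242 ssh2",
    "Aug 14 10:01:09 gw sshd[412]: Bad protocol version identification "
    "'Failed password for root from 198.51.100.9 port 22 ssh2' from 203.0.113.7",
]

# Loose pattern (illustrative, not DenyHosts' own): searched anywhere in the line.
LOOSE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+)")

# Strict patterns: syslog prefix first, then the whole sshd message must match.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(
    r"Failed password for (?:invalid user )?.* from (?P<host>\S+) port \d+ ssh2"
)


def offenders_loose(lines):
    """Return hosts the unanchored search would blame."""
    return [m.group("host") for m in map(LOOSE.search, lines) if m]


def offenders_strict(lines):
    """Return hosts only when the complete sshd message is a failed login."""
    hosts = []
    for line in lines:
        prefix = PREFIX.match(line)
        m = prefix and FAILED.fullmatch(prefix.group("msg"))
        if not m:
            continue
        try:
            hosts.append(str(ipaddress.ip_address(m.group("host"))))
        except ValueError:
            pass  # host field is not an address: ignore the line
    return hosts


if __name__ == "__main__":
    print("loose :", offenders_loose(SAMPLE_LOG))
    print("strict:", offenders_strict(SAMPLE_LOG))
```

The loose search blames the address embedded in the quoted version string, while the strict parser records only the address sshd itself wrote for a real failed login.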