Bug 252291 (CVE-2007-4323) - CVE-2007-4323 denyhosts denies hosts
Summary: CVE-2007-4323 denyhosts denies hosts
Status: CLOSED DUPLICATE of bug 244943
Alias: CVE-2007-4323
Product: Fedora
Classification: Fedora
Component: denyhosts
Version: 7
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jason Tibbitts
QA Contact: Fedora Extras Quality Assurance
URL: http://www.ossec.net/en/attacking-log...
Keywords: Security
Depends On:
Reported: 2007-08-15 05:10 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:12 UTC

Clone Of:
Last Closed: 2007-08-15 10:29:14 UTC


Description Lubomir Kundrak 2007-08-15 05:10:00 UTC
Name: CVE-2007-4323
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323
Assigned: 20070813
Reference: MISC:http://www.ossec.net/en/attacking-loganalysis.html

DenyHosts 2.6 does not properly parse sshd log files, which allows
remote attackers to add arbitrary hosts to the /etc/hosts.deny file
and cause a denial of service by adding arbitrary IP addresses to the
sshd log file, as demonstrated by logging in via ssh with a client
protocol version identification containing an IP address string, a
different vector than CVE-2006-6301.
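
The parsing weakness described above, as an added example that is not DenyHosts code and not part of the original report: a loose pattern picks up an address from the client-supplied identification string, while a pattern anchored to the whole line takes only the address sshd itself appends. The log line layout, both regular expressions and all function names are assumptions made for illustration; the sample lines are constructed and use documentation address ranges.

```python
import ipaddress
import re

# Constructed sample lines, not taken from a real host. The text between the
# single quotes is supplied by the connecting client; the final field is
# written by sshd (assumed layout: "... identification '<string>' from <addr>").
SAMPLE_LOG = [
    "Aug 15 05:10:01 host sshd[4101]: Bad protocol version identification "
    "'GET / HTTP/1.0' from 203.0.113.5",
    "Aug 15 05:10:07 host sshd[4102]: Bad protocol version identification "
    "'x from 198.51.100.7' from 203.0.113.9",
]

# Hypothetical loose pattern: first "from <IPv4>" anywhere in the line.
NAIVE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")

# Hardened pattern: anchored at both ends, so the captured address is the last
# field of the line. The greedy '.*' swallows any quotes or "from" text that
# the client placed inside the identification string.
STRICT = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Bad protocol version identification '.*' from (\S+)$"
)


def naive_source(line):
    """Address a loose parser would attribute the event to."""
    m = NAIVE.search(line)
    return m.group(1) if m else None


def strict_source(line):
    """Address from the sshd-written trailing field, validated as an IP."""
    m = STRICT.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None  # trailing field is not an address: ignore the line


def disagreements(lines):
    """(naive, strict) pairs for lines where the two parsers differ."""
    pairs = [(naive_source(l), strict_source(l)) for l in lines]
    return [p for p in pairs if p[0] != p[1]]


if __name__ == "__main__":
    for naive, strict in disagreements(SAMPLE_LOG):
        print(f"loose parser would block {naive}; actual source is {strict}")
```

Running a check like `disagreements()` over archived logs is one way to spot entries in /etc/hosts.deny that came from client-supplied text rather than from the real source address.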

Comment 1 Jason Tibbitts 2007-08-15 05:26:00 UTC
I believe this was fixed nearly two months ago; see bug 244943.  At least the
referenced URL is the same.  I have no idea why a CVE is just now being assigned.

I'll leave this open since perhaps you know something I don't; if you can
provide evidence that this is a new issue then please do so.

Comment 2 Lubomir Kundrak 2007-08-15 10:29:14 UTC
Jason: Closing this -- pardon me for the noise, I should have looked into
updates before.

*** This bug has been marked as a duplicate of 244943 ***
