Name: CVE-2007-4323
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4323
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20070813
Category:
Reference: MISC:http://www.ossec.net/en/attacking-loganalysis.html

DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
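
The parsing weakness described in the CVE text, as an added example that is not DenyHosts code and not part of the original report: an unanchored pattern matches inside client-supplied text, while a whole-line pattern only trusts the peer address that sshd itself wrote. The regexes, function names and log lines are constructed for illustration and assume a classic syslog-style sshd line format.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample lines; addresses come from documentation ranges.
# In the second line the quoted text was chosen by the client (203.0.113.7).
SAMPLE_LOG = [
    "Aug 13 10:00:01 host sshd[1001]: Failed password for invalid user admin "
    "from 203.0.113.7 port 40022 ssh2",
    "Aug 13 10:00:05 host sshd[1002]: Bad protocol version identification "
    "'Failed password for root from 192.0.2.10 port 22 ssh2' from 203.0.113.7",
]

# Loose: searched anywhere in the line, so it also matches inside quoted client data.
LOOSE = re.compile(rf"Failed password for (?:invalid user )?\S+ from (?P<host>{IPV4})")

# Strict: the whole line must have the expected shape, and the host is the
# final address field that sshd appended, not anything earlier in the line.
STRICT = re.compile(
    rf"^\w{{3}} +\d+ [\d:]{{8}} \S+ sshd\[\d+\]: "
    rf"Failed password for (?:invalid user )?.+ from (?P<host>{IPV4}) port \d+ ssh2$"
)

# Detection: a protocol identification string that itself carries an IPv4 address.
INJECTED = re.compile(
    rf"sshd\[\d+\]: Bad protocol version identification '.*{IPV4}.*' from (?P<peer>{IPV4})$"
)


def offenders(lines, pattern, full=False):
    """Return the set of hosts a blocker would add for the given pattern."""
    hosts = set()
    for line in lines:
        m = pattern.fullmatch(line) if full else pattern.search(line)
        if m:
            hosts.add(m.group("host"))
    return hosts


def injection_sources(lines):
    """Return real peers whose identification string contained an address."""
    return {m.group("peer") for line in lines if (m := INJECTED.search(line))}


if __name__ == "__main__":
    print("loose :", sorted(offenders(SAMPLE_LOG, LOOSE)))
    print("strict:", sorted(offenders(SAMPLE_LOG, STRICT, full=True)))
    print("address-bearing banners from:", sorted(injection_sources(SAMPLE_LOG)))
```

With the loose pattern the uninvolved address 192.0.2.10 would be blocked; the strict pattern ignores the second line, and the detection pattern reports the peer that actually sent it.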
I believe this was fixed nearly two months ago; see bug 244943. At least the referenced URL is the same. I have no idea why a CVE is just now being assigned. I'll leave this open since perhaps you know something I don't; if you can provide evidence that this is a new issue then please do so.
Jason: Closing this -- pardon me for the noise, I should have looked into updates before.

*** This bug has been marked as a duplicate of 244943 ***