[Bug 218824] New: CVE-2006-6301: denyhosts 2.5 hosts.deny DoS
bugzilla at redhat.com
bugzilla at redhat.com
Thu Dec 7 18:24:50 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218824
Summary: CVE-2006-6301: denyhosts 2.5 hosts.deny DoS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: denyhosts
AssignedTo: tibbs at math.uh.edu
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-
list at redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6301
"DenyHosts 2.5 does not properly parse sshd logs file, which allows remote
attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial
of service by adding arbitrary IP addresses to the sshd log file, as
demonstrated by loggig in to ssh using a login name containing certain strings
with an IP address, which is not properly handled by a regular expression."
Based on version numbers, affects FE-3+ and EPEL-4+
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-security-list
mailing list