ID CVE-2006-6301
Summary DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
References
Vulnerable Configurations
  • cpe:2.3:a:denyhosts:denyhosts:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:denyhosts:denyhosts:2.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 21468
confirm http://bugs.gentoo.org/show_bug.cgi?id=157163
gentoo GLSA-200701-01
secunia
  • 23236
  • 23603
vupen ADV-2006-4876
xf denyhosts-log-files-dos(30761)
Last major update 29-07-2017 - 01:29
Published 06-12-2006 - 19:28
Last modified 29-07-2017 - 01:29
Back to Top