ID CVE-2007-2765
Summary blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
References
Vulnerable Configurations
  • cpe:2.3:a:ac_zoom:blockhosts:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
refmap via4
bid 24090
confirm http://www.aczoom.com/tools/blockhosts/CHANGES
osvdb 36516
secunia 25352
vupen ADV-2007-1906
xf blockhosts-daemonlog-dos(34426)
Last major update 29-07-2017 - 01:31
Published 18-05-2007 - 22:30
Last modified 29-07-2017 - 01:31