Lucene search

[email protected]CVE-2007-4323

HistoryAug 14, 2007 - 12:17 a.m.

CVE-2007-4323

2007-08-1400:17:00

[email protected]

web.nvd.nist.gov

denyhosts

2.6

cve-2007-4323

sshd log parsing

denial of service

nvd

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

93.0%

JSON

DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.

Affected configurations

NVD

Node

denyhostsdenyhostsMatch2.6

CPENameOperatorVersion
denyhosts:denyhostsdenyhostseq2.6

CPE	Name	Operator	Version
denyhosts:denyhosts	denyhosts	eq	2.6

References

bugs.gentoo.org/show_bug.cgi?id=181213

osvdb.org/42482

secunia.com/advisories/27254

security.gentoo.org/glsa/glsa-200710-14.xml

www.ossec.net/en/attacking-loganalysis.html

www.securityfocus.com/bid/26061

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943

exchange.xforce.ibmcloud.com/vulnerabilities/37199

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2007-4323

prion3 nvd4 cvelist4 ubuntucve3 nessus2 openvas4 gentoo2 cve3