Lucene search

K
nvd[email protected]NVD:CVE-2007-5715
HistoryOct 30, 2007 - 7:46 p.m.

CVE-2007-5715

2007-10-3019:46:00
CWE-16
web.nvd.nist.gov
9
denyhosts
openssh
sshd
allowusers
remote attackers
detection
blocking
invalid login attempts

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.041

Percentile

92.3%

DenyHosts 2.6 processes OpenSSH sshd “not listed in AllowUsers” log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

Affected configurations

Nvd
Node
denyhostsdenyhostsMatch2.6
VendorProductVersionCPE
denyhostsdenyhosts2.6cpe:2.3:a:denyhosts:denyhosts:2.6:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.041

Percentile

92.3%