denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 6.0 (including) | 6.0 (including) |
| Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
| Debian_linux | Debian | 7.1 (including) | 7.1 (including) |
| Fedora | Fedoraproject | * | * |
| Denyhosts | Ubuntu | lucid | * |
| Denyhosts | Ubuntu | precise | * |
| Denyhosts | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://seclists.org/oss-sec/2013/q4/535
- http://secunia.com/advisories/56239
- http://www.debian.org/security/2013/dsa-2826
- https://bugzilla.redhat.com/show_bug.cgi?id=1045982
- http://seclists.org/oss-sec/2013/q4/535
- http://secunia.com/advisories/56239
- http://www.debian.org/security/2013/dsa-2826
- https://bugzilla.redhat.com/show_bug.cgi?id=1045982