DenyHosts Client Protocol Version Identification Remote Denial of Service Vulnerability
BID:26061
Info
| Bugtraq ID: | 26061 |
| Class: | Design Error |
| CVE: | CVE-2007-4323 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 13 2007 12:00AM |
| Updated: | Oct 15 2007 05:37PM |
| Credit: | Jonathan Underwood discovered this vulnerability. |
| Vulnerable: | Phil Schwartz DenyHosts 0; Redhat Fedora 7; Gentoo Linux |
| Not Vulnerable: | |
Discussion
DenyHosts is prone to a remote denial-of-service vulnerability because the application does not properly verify the source of the authentication-failure messages it parses from the sshd log. The protocol version identification string sent by an SSH client is recorded in the log, so a client can send a string that resembles an authentication-failure record for an arbitrary IP address, and DenyHosts attributes the failure to that address rather than to the connecting client.
Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list maintained by the application, denying further SSH access to those addresses and so denying service to legitimate users.
This issue is a variant of the vulnerability discussed in BID 21468 (DenyHosts Remote Denial of Service Vulnerability).
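The log-injection mechanism behind this issue, shown as an added example that is not DenyHosts' own code: a naive DenyHosts-style substring regex beside a parser anchored on the fields syslog and sshd write themselves. The host name, addresses and log lines are constructed; the two sshd message shapes used ("Failed password for ... from <ip> port <n> ssh2" and "Bad protocol version identification '<banner>' from <ip> port <n>") are OpenSSH's as recalled here, not quoted from the advisory.

```python
import re
from typing import Callable, Iterable, Optional, Set

# Constructed sample syslog lines; not taken from any real host. In the second
# line the connecting client chose a protocol version identification string that
# looks like a separate sshd authentication-failure record for a victim address
# (198.51.100.7). The real peer in lines one and two is 203.0.113.5.
SAMPLE_LOG = [
    "Oct 13 12:00:01 bastion sshd[1234]: Failed password for invalid user admin "
    "from 203.0.113.5 port 4242 ssh2",
    "Oct 13 12:00:02 bastion sshd[1235]: Bad protocol version identification "
    "'sshd[1236]: Failed password for root from 198.51.100.7 port 22 ssh2' "
    "from 203.0.113.5 port 4243",
    "Oct 13 12:00:03 bastion sshd[1237]: Accepted publickey for deploy "
    "from 192.0.2.10 port 5000 ssh2",
]

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Naive extraction: an unanchored search for the failure message anywhere in
# the line. Any attacker text that sshd copies into the log can satisfy it.
NAIVE_FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from " + IPV4)


def naive_offender(line: str) -> Optional[str]:
    """Address a substring-matching parser would blame for this line."""
    m = NAIVE_FAILED.search(line)
    return m.group(1) if m else None


# Hardened extraction. First pin the parts of the line that syslog and sshd
# produce themselves (timestamp, host, "sshd[pid]: "), then require the message
# body to match from its first character to its last, so attacker text that
# merely *contains* a failure message never matches.
SYSLOG_SSHD = re.compile(
    r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: (?P<msg>.*)$"
)
FAILED_MSG = re.compile(
    r"^Failed password for (?:invalid user )?\S+ from " + IPV4 + r" port \d+ ssh2$"
)
# sshd quotes the client banner and then appends its own "from <ip> port <n>".
# The greedy '.*' plus the '$' anchor bind to the *last* "' from ... port" on
# the line, i.e. the one sshd wrote, even if the banner carries a fake one.
BAD_BANNER_MSG = re.compile(
    r"^Bad protocol version identification '.*' from " + IPV4 + r" port \d+$"
)


def hardened_offender(line: str) -> Optional[str]:
    """Address the anchored parser attributes the event to, or None."""
    m = SYSLOG_SSHD.match(line)
    if not m:
        return None
    msg = m.group("msg")
    for pattern in (FAILED_MSG, BAD_BANNER_MSG):
        h = pattern.match(msg)
        if h:
            return h.group(1)
    return None


def block_list(lines: Iterable[str], extract: Callable[[str], Optional[str]]) -> Set[str]:
    """Addresses a one-strike DenyHosts-style policy would add to hosts.deny."""
    return {ip for ip in map(extract, lines) if ip is not None}


if __name__ == "__main__":
    print("naive:   ", sorted(block_list(SAMPLE_LOG, naive_offender)))
    print("hardened:", sorted(block_list(SAMPLE_LOG, hardened_offender)))
```

With the naive pattern the injected line blocks the victim 198.51.100.7; the anchored parser blocks only the real peer 203.0.113.5. Whether a bad banner should count as a strike at all is a policy choice; the point is that the address charged must come from the field sshd wrote, never from text the client supplied.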
Exploit / POC
No exploit code is required; attackers use standard SSH-client software, sending a crafted protocol version identification string, to exploit this issue.
Solution / Fix
Solution:
Please see the referenced advisories for more information.
References
References:
- Attacking Log analysis tools. (Daniel B. Cid)
- Bugzilla Bug 244943: Security vulnerability - log injection vector - Remote DOS (Jonathan Underwood)
- DenyHosts Home Page (Phil Schwartz)