CVE-2013-6890

Published: 23/12/2013 Updated: 24/12/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote malicious users to cause a denial of service (incorrect block of IP addresses) via crafted login names.
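The parsing flaw described above, as an added example that is not DenyHosts code or part of the original advisory: a simplified, unanchored pattern (an assumption, not the project's actual regular expression) is compared with an anchored one over constructed sshd log lines, showing which host each would count a failed login against.

```python
import re

# Simplified stand-in for the flawed pattern (assumption, not DenyHosts' regex):
# unanchored, so it can match text that the client supplied as the login name.
LOOSE = re.compile(r"Invalid user (?P<user>\S+) from (?P<host>\S+)")

# Hardened: anchored to the start and end of the sshd message; the greedy user
# group makes the host the last " from " field, which sshd itself writes.
STRICT = re.compile(
    r"^Invalid user (?P<user>.*) from (?P<host>\S+)(?: port \d+)?$")

# Syslog header in front of the sshd message (format assumed for the samples).
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ sshd\[\d+\]: ")


def offending_host(line, pattern):
    """Return the host the parser would count a failed login against."""
    msg = PREFIX.sub("", line.rstrip("\n"))
    m = pattern.search(msg)
    return m.group("host") if m else None


# Constructed sample log lines (not taken from a real system).
NORMAL = "Dec 20 10:00:01 srv sshd[4242]: Invalid user admin from 21.21.21.21"
FORGED = ("Dec 20 10:00:02 srv sshd[4243]: Invalid user "
          "Invalid user root from 123.123.123.123 from 21.21.21.21")


def compare(lines):
    """Pair the loose and strict verdicts for each log line."""
    return [(offending_host(l, LOOSE), offending_host(l, STRICT)) for l in lines]


if __name__ == "__main__":
    for loose, strict in compare([NORMAL, FORGED]):
        print(f"loose={loose} strict={strict}")
```

The strict pattern attributes the forged line to the connecting address, because only the final `from` field is written by sshd rather than by the client.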

Vulnerable Product

fedoraproject fedora

debian debian linux 7.0

debian debian linux 7.1

debian debian linux 6.0

phil schwartz denyhosts 2.6

Vendor Advisories

Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhos ...

Exploits

source: www.securityfocus.com/bid/64478/info

DenyHosts is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to deny further SSH network access to arbitrary IP addresses, denying service to legitimate users.

ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21 ...