Vulnerabilities > CVE-2007-5715 - Configuration vulnerability in Denyhosts 2.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

denyhosts

CWE-16

NVD

Published: 2007-10-30

Updated: 2008-11-15

Summary

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

Vulnerable Configurations

Part	Description	Count
Application	Denyhosts Denyhosts Denyhosts 2.6	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://bugs.gentoo.org/show_bug.cgi?id=181213
http://osvdb.org/45298
https://bugzilla.redhat.com/show_bug.cgi?id=237449