DenyHosts *hosts.deny* Denial of Service

Posted on Thursday, December 07, 2006 @ 00:35:51 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA23236

VERIFY ADVISORY: http://secunia.com/advisories/23236/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: DenyHosts 2.x - http://secunia.com/product/12830/

DESCRIPTION: Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the parsing of log files before an entry is added to /etc/hosts.deny. This can be exploited to add arbitrary IP addresses to /etc/hosts.deny, resulting in a DoS for that IP. The vulnerability is confirmed in version 2.5. Other versions may also be affected.

SOLUTION: Use another product.

PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy

ORIGINAL ADVISORY: http://bugs.gentoo.org/show_bug.cgi?id=157163
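Because the impact described above is an unwanted entry in /etc/hosts.deny, one defensive check is to audit that file for entries covering addresses that must never be blocked. The following is an added example, not part of the advisory or of DenyHosts; the sample file content, the trusted list and the function names are assumptions, and only address-style client entries are examined.

```python
import ipaddress
import re

# Constructed sample of /etc/hosts.deny content (not taken from the advisory).
SAMPLE_HOSTS_DENY = """\
# constructed sample entries
sshd: 203.0.113.45
sshd: 192.0.2.10
ALL: 198.51.100.0/255.255.255.0
sshd: [2001:db8::5]
ALL: .example.net
"""

# Assumption: addresses that must never be locked out (admin hosts, monitoring).
TRUSTED = ["192.0.2.0/28", "198.51.100.7", "2001:db8::/64"]


def denied_networks(text):
    """Yield (line_no, daemon_list, network) for each address-style client entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        daemons, _, clients = line.partition(":")
        for token in re.split(r"[\s,]+", clients.strip()):
            # Drop an option separator glued to the address, then IPv6 brackets.
            token = token.rstrip(":").replace("[", "").replace("]", "")
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # hostnames, wildcards, options: out of scope here
            yield line_no, daemons.strip(), net


def find_trusted_blocks(text, trusted=TRUSTED):
    """Return deny entries that overlap an address the operator trusts."""
    allow = [ipaddress.ip_network(t, strict=False) for t in trusted]
    hits = []
    for line_no, daemons, net in denied_networks(text):
        for t in allow:
            if net.version == t.version and net.overlaps(t):
                hits.append((line_no, daemons, str(net), str(t)))
    return hits


if __name__ == "__main__":
    for line_no, daemons, net, t in find_trusted_blocks(SAMPLE_HOSTS_DENY):
        print(f"line {line_no}: {daemons} denies {net}, overlaps trusted {t}")
```

Run against the real file on a schedule, a non-empty result is a signal to review how that entry was added before a trusted host is locked out.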
 
 