Secunia
Login
|
|
CVE Reference: CVE-2007-4322 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4322 |
|
|
Description: BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. |
|
|
CVE Status: Candidate |
|
|
References: OSVDB 36515 MISC http://www.ossec.net/en/attacking-loganalysis.html CONFIRM http://www.aczoom.com/tools/blockhosts/CHANGES |
|
| Return to the previous page. |
