Launchpad.net

CVE 2007-5715

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

Related bugs and status

CVE-2007-5715 (Candidate) is related to these bugs:

Bug #133569: regex error causes hosts to not be denied

		In	Importance	Status
133569	regex error causes hosts to not be denied	denyhosts (Ubuntu)	Undecided	Fix Released
133569	regex error causes hosts to not be denied	denyhosts (Ubuntu Feisty)	Medium	Fix Released
133569	regex error causes hosts to not be denied	denyhosts (Fedora)	Medium	Fix Released
133569	regex error causes hosts to not be denied	denyhosts (Debian)	Unknown	Fix Released
133569	regex error causes hosts to not be denied	denyhosts (Ubuntu Edgy)	Undecided	Fix Released
133569	regex error causes hosts to not be denied	denyhosts (Ubuntu Gutsy)	Undecided	Fix Released

Bug #162406: CVE-2007-4323: DoS via log injection

		In	Importance	Status
162406	CVE-2007-4323: DoS via log injection	denyhosts (Ubuntu)	Undecided	Fix Released
162406	CVE-2007-4323: DoS via log injection	denyhosts (Ubuntu Feisty)	Undecided	Fix Released
162406	CVE-2007-4323: DoS via log injection	denyhosts (Gentoo Linux)	Low	Fix Released
162406	CVE-2007-4323: DoS via log injection	denyhosts (Fedora)	High	Fix Released
162406	CVE-2007-4323: DoS via log injection	denyhosts (Ubuntu Edgy)	Undecided	Fix Released
162406	CVE-2007-4323: DoS via log injection	denyhosts (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5715

Related bugs and status

Related bugs

References