CVE-2007-4321
Published: 14 August 2007
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
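The parsing weakness described above, as an added example that is not fail2ban's own code: a failure pattern searched anywhere in a line picks up an address the client placed in its version identification string, while a pattern that must match the whole line does not. The patterns, function names and log lines are constructed for illustration, with the timestamp and hostname prefix omitted.

```python
import re

IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Illustrative patterns only; neither is copied from a fail2ban filter file.
# LOOSE is searched anywhere in the line, so client-supplied text can match.
LOOSE = re.compile(r"Failed password for \S+ from " + IPV4)
# STRICT must match the whole line, so the host is read only from the
# position where sshd itself writes the peer address.
STRICT = re.compile(r"sshd\[\d+\]: Failed password for \S+ from " + IPV4
                    + r" port \d+ ssh2")

# Constructed log lines using documentation address ranges.
GENUINE = "sshd[411]: Failed password for root from 203.0.113.7 port 4242 ssh2"
# The quoted part is the client's protocol version identification string:
# 203.0.113.7 is the real peer, 198.51.100.9 is text chosen by the client.
INJECTED = ("sshd[412]: Bad protocol version identification "
            "'Failed password for root from 198.51.100.9 port 1 ssh2' "
            "from 203.0.113.7")


def hosts_loose(lines):
    """Hosts a search-anywhere filter would count as login failures."""
    return [m.group("host") for m in map(LOOSE.search, lines) if m]


def hosts_strict(lines):
    """Hosts an anchored, whole-line filter would count as login failures."""
    return [m.group("host") for m in map(STRICT.fullmatch, lines) if m]


if __name__ == "__main__":
    log = [GENUINE, INJECTED]
    print("loose :", hosts_loose(log))
    print("strict:", hosts_strict(log))
```

Run against your own filter expressions, the same comparison shows whether any capture group can be satisfied by text inside a quoted, client-controlled field.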
Priority
Status
Package | Release | Status |
---|---|---|
fail2ban Launchpad, Ubuntu, Debian | dapper | Ignored (end of life) |
fail2ban | edgy | Ignored (end of life, was needed) |
fail2ban | feisty | Ignored (end of life, was needed) |
fail2ban | gutsy | Released (0.8.0-4) |
fail2ban | hardy | Released (0.8.0-4) |
fail2ban | intrepid | Released (0.8.0-4) |
fail2ban | jaunty | Released (0.8.0-4) |
fail2ban | karmic | Released (0.8.0-4) |
fail2ban | upstream | Needs triage |

Patches: vendor: http://www.debian.org/security/2008/dsa-1456