Ravens PHP Scripts

DenyHosts *hosts.deny* Denial of Service
Date: Wednesday, December 06, 2006 @ 23:41:26 CST
Topic: Security


SECUNIA ADVISORY ID: SA23236

VERIFY ADVISORY: http://secunia.com/advisories/23236/

CRITICAL: Moderately critical

IMPACT: DoS

SOFTWARE: DenyHosts 2.x - http://secunia.com/product/12830/

DESCRIPTION: Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be exploited by malicious people to cause a DoS (Denial of Service).


The vulnerability is caused by an error in the parsing of log files before an entry is added to /etc/hosts.deny. This can be exploited to add arbitrary IP addresses to /etc/hosts.deny, resulting in a DoS for those addresses. The vulnerability is confirmed in version 2.5. Other versions may also be affected.
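The following is an added example, not part of the advisory and not DenyHosts code: it shows how a loosely written log pattern can attribute a failed login to the wrong address, next to a stricter pattern that reads the address only from the end of the line. Assumptions: the advisory gives no detail of the parsing error, so this assumes the general case where text chosen by the remote client appears in a logged field; the patterns, the sample lines and the function name `failed_hosts` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sshd-style lines using documentation addresses; not from the advisory.
# In the third line the client-chosen user name contains text shaped like a log tail.
SAMPLE_LINES = [
    "Dec  6 23:01:10 host sshd[411]: Failed password for invalid user admin "
    "from 203.0.113.7 port 4022 ssh2",
    "Dec  6 23:01:12 host sshd[412]: Failed password for root "
    "from 203.0.113.7 port 4023 ssh2",
    "Dec  6 23:01:15 host sshd[413]: Failed password for invalid user "
    "x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 4024 ssh2",
]

# Loose pattern (hypothetical): unanchored, lazy user field, so the first
# " from " in the line wins, even when it sits inside the user name.
LOOSE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.*?) from (?P<host>\S+)"
)

# Stricter pattern: anchored at both ends, greedy user field, so the host is
# taken from the tail that the daemon writes after the user name.
STRICT = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<host>\S+) port \d+ ssh2$"
)


def failed_hosts(lines, pattern):
    """Return the set of valid IP addresses the pattern blames for failures."""
    hosts = set()
    for line in lines:
        match = pattern.search(line)
        if not match:
            continue
        try:
            hosts.add(str(ipaddress.ip_address(match.group("host"))))
        except ValueError:
            continue  # not an IP literal: never pass it on to a deny list
    return hosts


if __name__ == "__main__":
    print("loose :", sorted(failed_hosts(SAMPLE_LINES, LOOSE)))
    print("strict:", sorted(failed_hosts(SAMPLE_LINES, STRICT)))
```

With the loose pattern, 198.51.100.9 would be queued for /etc/hosts.deny although it never connected; the strict pattern reports only the connecting address.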

SOLUTION: Use another product.

PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy

ORIGINAL ADVISORY: http://bugs.gentoo.org/show_bug.cgi?id=157163






This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2539