DenyHosts: Denial of Service — GLSA 201406-23

A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition.

Affected Packages

app-admin/denyhosts on all architectures
Affected versions < 2.6-r9
Unaffected versions >= 2.6-r9

Background

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks.

Description

DenyHosts does not properly define the regular expressions used when parsing SSH authentication logs.

Impact

A remote attacker could possibly cause a Denial of Service condition via a crafted login name.

Workaround

There is no known workaround at this time.

Resolution

All DenyHost users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6-r9"
 

References

Release Date
June 25, 2014

Latest Revision
June 25, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries