Vulnerability Description
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Denyhosts | Denyhosts | 2.6 |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=181213
- http://osvdb.org/45298
- https://bugzilla.redhat.com/show_bug.cgi?id=237449
- http://bugs.gentoo.org/show_bug.cgi?id=181213
- http://osvdb.org/45298
- https://bugzilla.redhat.com/show_bug.cgi?id=237449
FAQ
What is CVE-2007-5715?
CVE-2007-5715 is a vulnerability with a CVSS score of 4.3 (MEDIUM). DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detecti...
How severe is CVE-2007-5715?
CVE-2007-5715 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5715?
Check the references section above for vendor advisories and patch information. Affected products include: Denyhosts Denyhosts.