Ac Zoom : Security Vulnerabilities, CVEs, (Denial of service)
BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
Max CVSS
6.8
EPSS Score
0.95%
Published
2007-08-14
Updated
2012-10-31
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
Max CVSS
6.8
EPSS Score
0.78%
Published
2007-05-18
Updated
2017-07-29
2 vulnerabilities found