Denial of Service Vulnerability in denyhosts by Fail2Ban
CVE-2013-6890

Currently unrated

Key Information:

Vendor: Debian
Status: Debian Linux; Fedora
Vendor: CVE Published:; 23 December 2013

Summary

denyhosts 2.6 contains a vulnerability stemming from the incorrect implementation of a regular expression during the analysis of authentication logs. This flaw enables remote attackers to exploit the system by sending specially crafted login names, ultimately leading to a denial of service through erroneous IP address blocking. As a result, legitimate users may find themselves unable to access resources due to legitimate requests being denied.

References

http://secunia.com/advisories/56239

third-party-advisoryx_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=1045982

x_refsource_MISC

http://seclists.org/oss-sec/2013/q4/535

mailing-listx_refsource_MLIST

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2013
Vulnerability Reserved
Nov 28, 2013