FKIE_CVE-2007-4321

Vulnerability from fkie_nvd - Published: 2007-08-14 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
References
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=181214
cve@mitre.orghttp://osvdb.org/42484
cve@mitre.orghttp://secunia.com/advisories/23237
cve@mitre.orghttp://secunia.com/advisories/28374
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200707-13.xml
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1456
cve@mitre.orghttp://www.ossec.net/en/attacking-loganalysis.html
cve@mitre.orghttp://www.securityfocus.com/bid/25117
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=181214
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42484
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23237
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28374
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200707-13.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1456
af854a3a-2127-422b-91ae-364da2661108http://www.ossec.net/en/attacking-loganalysis.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25117
Impacted products
Vendor Product Version
fail2ban fail2ban 0.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fail2ban:fail2ban:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B134790-909B-4CD8-A5AE-E9B2B1CCFFF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302."
    },
    {
      "lang": "es",
      "value": "fail2ban 0.8 y anteriores no analizan sint\u00e1cticamente de forma correcta los ficheros de log, lo cual permite a atacantes remotos a\u00f1adir hosts de su elecci\u00f3n al fichero /etc/hosts.deny y provocar una denegaci\u00f3n de servicio a\u00f1adiendo direcciones IP al fichero de log de ssh, como ha sido demostrado iniciando sesi\u00f3n v\u00eda ssh con una identificaci\u00f3n de versi\u00f3n del protocolo del cliente que contiene una cadena de direcci\u00f3n IP, un vector diferente que CVE-2006-6302."
    }
  ],
  "id": "CVE-2007-4321",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-14T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=181214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23237"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28374"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200707-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1456"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ossec.net/en/attacking-loganalysis.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=181214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200707-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ossec.net/en/attacking-loganalysis.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.