denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phil_schwartz | denyhosts | 2.6 |
| debian | debian_linux | 7.1 |
| debian | debian_linux | 6.0 |
| fedoraproject | fedora | * |
| debian | debian_linux | 7.0 |