Description:

I have my machine set up as follows:

hosts.deny:

ALL: ALL

hosts.allow:

ALL: <my home ip address>

This has worked well to keep my server from being attacked. However, I received an email from our IT department over the weekend saying that they had received abuse complaints from this server.

This morning I come in to investigate, and found that an attacker had gained access through a dictionary attack over ssh (there is an account with a necessarily weak password -- hence the deny ALL rules). The attack originated from an unknown IP address, and should have been blocked by tcp wrappers.

While looking into the problem, I came across this: http://www.linuxforums.org/forum/red-hat-fedora-linux/92634-sshd-hosts-allow-deny-broken.html

Sure enough, the latest version of openssh (5.8p2-9) was compiled without tcp_wrappers support, as it is not linking to libwrap. Needless to say, this needs to be fixed immediately.

Rolling back to version 5.8p2-8 from the pacman package cache fixed the problem.

Steps to reproduce:
1. Install the latest libssh, 5.8p2-9
2. Add "ALL: ALL" to /etc/hosts.deny
3. Log in from a denied host
4. Wreak havoc (optional)